Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
md-to-html
v1.0.6将Markdown格式的笔记转换为带左侧固定目录大纲的可阅读HTML文件。适用于:(1) 将学习笔记、技术文档转换为可浏览的HTML;(2) 为Markdown文件生成带目录导航的阅读界面;(3) 整理长文档生成静态网站。触发条件:用户说转换HTML、markdown转html、生成HTML笔记、把笔记转成网页等
⭐ 1· 198·0 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description (Markdown → HTML with sidebar, syntax highlighting, KaTeX, Mermaid) align with the included static assets (Prism, KaTeX, Mermaid) and the declared runtime requirement (python). Requiring only the python binary is proportionate.
Instruction Scope
Runtime instructions tell the agent to run python scripts/md2html.py -i <file>. The conversion is plausible, but the actual behavior depends entirely on scripts/md2html.py. The scanner output shown to me did not include the script's full source (some files were truncated/omitted), so I cannot confirm the script's scope — it could be harmless or it could read other files, access the network, or invoke subprocesses. The SKILL.md itself does not constrain the script's actions or require only the input file to be read.
Install Mechanism
No network installs or external downloads are declared (no install spec). Libraries are bundled in lib/, which is consistent with the 'completely offline' claim. Bundled assets are large but expected for KaTeX/Mermaid/Prism.
Credentials
The skill declares no environment variables, credentials, or config paths. That is appropriate for a local Markdown→HTML converter.
Persistence & Privilege
Skill is not always-enabled and does not request elevated or persistent privileges. Autonomous invocation is allowed but is the platform default; nothing in the metadata requests system-wide changes.
Scan Findings in Context
[base64-block] expected: Large base64 blocks appear in lib/katex.embedded.css (embedded font data URI). Embedding fonts as base64 in CSS is expected for an offline KaTeX build; this finding by itself is not malicious.
[unicode-control-chars] unexpected: The scanner reported Unicode control-character patterns in the SKILL.md content. Unicode control characters (or similar invisible characters) can be used for prompt-injection/obfuscation. The displayed SKILL.md text doesn't obviously show such characters, and the finding might be a false positive caused by combining characters in library code or in truncated outputs — but you should inspect for hidden/RTL/control characters in SKILL.md and any scripts before running.
What to consider before installing
This skill looks coherent at a high level: the bundled JS/CSS libraries match the described features and Python is the only required binary. The main risk is that the agent will run scripts/md2html.py — the scanner output omitted the full script, so you must inspect scripts/md2html.py before installing or executing. Specifically: (1) Open and review scripts/md2html.py for network calls (requests, urllib, sockets), subprocess.exec/spawn usage, or code that reads paths outside the supplied input file. (2) Search all files (including SKILL.md) for invisible Unicode control characters or suspicious string-handling that might attempt injection. (3) Run the script locally on a non-sensitive test Markdown file in a sandbox or container (no network) to observe behavior and any outbound connections. (4) If you are not comfortable reading the Python file, decline installation or run it in an isolated VM. If you share the contents of scripts/md2html.py I can do a more specific code-level review and update the verdict.lib/mermaid.min.js:24149
Potential obfuscated payload detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.Like a lobster shell, security has layers — review code before you run it.
latestvk971ydfepmnahfrg5jdvtjdkv983grh2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📄 Clawdis
Binspython