Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Markdown Ai Rewriter

v0.5.7

A Markdown AI rewriting Skill based on markdown-ai-rewriter (preserves document structure; per-section or whole-document modes; multiple model providers; image generation; video generation)

by PING SI (@sipingme)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (Markdown rewriting with image/video generation) matches what the files and scripts do: they invoke the markdown-ai-rewriter CLI and call many ML provider APIs. Requesting multiple provider API keys and listing many network domains is coherent for a multi-provider rewriter. However, registry metadata stated no required env vars while SKILL.md and config.json clearly list many provider API keys — an inconsistency in metadata that should be clarified.
Instruction Scope
Runtime instructions and the included scripts simply delegate to the npm CLI package (spawnSync npx markdown-ai-rewrite ...). The skill's runtime actions are limited to running the CLI, reading/writing Markdown files, and contacting model provider APIs. There are no instructions to read unrelated system files or to exfiltrate non-Markdown data in the provided scripts. Note that this says nothing about the upstream package itself: the CLI you execute (markdown-ai-rewriter) runs whatever its implementation does and makes whatever network calls it chooses with the provider keys you configure, so the wrapper's narrow scope is not a review of that code.
Install Mechanism
There is no special install spec — the skill is instruction-only with small wrapper scripts. The wrapper uses npx to run the upstream package; npx may fetch and execute code from npm at runtime if not already installed. The package source referenced (npm/github) appears reasonable, not a raw/personal download URL, but running code pulled from npm is an operational risk to be aware of.
Credentials
The environment variables requested (OPENAI_API_KEY, ANTHROPIC_API_KEY, MINIMAX_API_KEY, etc.) are all directly related to the stated multi-provider rewriting/image/video features, so the set is proportional to the functionality. That said, the registry metadata listed no required env vars while SKILL.md/config.json list many optional/required keys — this mismatch should be fixed so users know what credentials the skill expects.
Persistence & Privilege
Registry flags show always: false and user-invocable: true (reasonable). But config.json includes skill.enabled: true and autoInvoke: true, and it enumerates filesystem and network permissions (read *.md, write ~/.markdown-ai-rewriter/, many domains). The autoInvoke setting in config.json contrasts with the registry flags and could mean the skill may be auto-invoked by the environment. Combined with the ability to run npx (which executes code) and broad network domains, this raises a privilege/misconfiguration concern to verify before enabling.
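The three findings above (provider keys declared in config.json but absent from the registry record, autoInvoke: true against always: false, and a wrapper that spawns npx) can be re-derived mechanically from the bundle's own files before install. The script below is an added example written for this page; it is not ClawHub's scanner and not part of the skill. The field names assumed for the registry record and config.json, the sample values, and the wrapper source it scans are constructed stand-ins modelled on the scan text, so adapt the accessors to the real schema.

```javascript
// Added example (not ClawHub's scanner and not part of the skill): a pre-install
// audit that re-derives the scan's findings from the bundle's own files.
// Schema note: the field names used for the registry record and config.json are
// ASSUMPTIONS modelled on the scan text; adapt the accessors to the real layout.
'use strict';

// Constructed registry record for the skill (assumed field names).
const REGISTRY_META = { requiredEnv: [], always: false, userInvocable: true };

// Constructed config.json matching what the scan describes (assumed layout).
const CONFIG_JSON = {
  skill: { enabled: true, autoInvoke: true },
  env: {
    OPENAI_API_KEY: { required: true },
    ANTHROPIC_API_KEY: { required: false },
    MINIMAX_API_KEY: { required: false },
  },
  permissions: {
    filesystem: { read: ['*.md'], write: ['~/.markdown-ai-rewriter/'] },
    network: ['api.openai.com', 'api.anthropic.com'],
  },
};

// Constructed wrapper source in the shape the scanner flagged at
// scripts/rewrite.js:14 (spawnSync of npx); not the skill's actual file.
const WRAPPER_SRC = [
  "const { spawnSync } = require('child_process');",
  "const r = spawnSync('npx', ['markdown-ai-rewrite', ...process.argv.slice(2)], { stdio: 'inherit' });",
  'process.exit(r.status === null ? 1 : r.status);',
].join('\n');

// Env vars config.json declares (required or optional) that the registry
// record never mentions: the metadata mismatch the scan reports.
function undeclaredEnvVars(registry, config) {
  const declared = new Set(registry.requiredEnv || []);
  return Object.keys(config.env || {}).filter((k) => !declared.has(k));
}

// config.json asks for automatic invocation while the registry says the skill
// is not always-on: the persistence/privilege inconsistency.
function invocationMismatch(registry, config) {
  const auto = Boolean(config.skill && config.skill.autoInvoke);
  return auto && registry.always === false;
}

// Static checks on wrapper source: child_process use, npx use, and whether the
// npx package spec is pinned (name@x.y.z); an unpinned spec fetches latest.
function scanWrapperSource(src) {
  const findings = [];
  if (/require\(['"]child_process['"]\)|from ['"]child_process['"]/.test(src)) {
    findings.push('child_process');
  }
  const npx = src.match(/spawnSync\(\s*['"]npx['"]\s*,\s*\[\s*['"]([^'"]+)['"]/);
  if (npx) {
    findings.push('npx');
    if (!/@\d/.test(npx[1])) findings.push('unpinned-package');
  }
  return findings;
}

// Aggregate everything into one list a reviewer can read top to bottom.
function auditSkill(registry, config, wrapperSrc) {
  const findings = [];
  const missing = undeclaredEnvVars(registry, config);
  if (missing.length) {
    findings.push({ id: 'env-metadata-mismatch', severity: 'medium', detail: missing });
  }
  if (invocationMismatch(registry, config)) {
    findings.push({ id: 'auto-invoke-mismatch', severity: 'medium', detail: 'config autoInvoke: true, registry always: false' });
  }
  for (const id of scanWrapperSource(wrapperSrc)) {
    findings.push({ id, severity: id === 'unpinned-package' ? 'medium' : 'review', detail: 'wrapper script' });
  }
  const net = (config.permissions && config.permissions.network) || [];
  if (net.length) findings.push({ id: 'network-domains', severity: 'info', detail: net });
  return findings;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(auditSkill(REGISTRY_META, CONFIG_JSON, WRAPPER_SRC), null, 2));
}
```

Run it against the real bundle by loading the registry JSON, the skill's config.json and the wrapper source in place of the constructed constants; a clean result is an empty list apart from the informational domain entry.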
What to consider before installing
This skill appears to be what it claims (a multi-provider Markdown rewriter), but check these items before installing:
- Metadata mismatch: SKILL.md and config.json expect many provider API keys, but the registry metadata lists none. Provide only the keys you intend to share, and confirm which keys are required for which features.
- npx runtime execution: the wrapper runs `npx markdown-ai-rewrite ...`. If that package is not already installed, npx will download the latest published version from npm and run it at runtime. Review the upstream repository (https://github.com/sipingme/markdown-ai-rewriter) and the npm package to confirm you trust its code, and prefer installing a pinned version from a lockfile over an unpinned npx run.
- Auto-invoke / enabled flag: config.json sets autoInvoke: true and enabled: true while the registry flags show always: false. Confirm with your platform whether the skill will be invoked automatically. If you do not want automatic invocation, disable autoInvoke or the skill until you are comfortable.
- Limit credentials exposure: create separate, limited-scope API keys for use with this skill where possible (do not reuse high-privilege or long-lived account keys). Do not put unused provider keys into the environment.
- Network and filesystem: the skill reads Markdown files and makes network requests to many provider domains. Do not point it at sensitive documents, and make sure the outbound network policy is acceptable.
If you want to proceed, review the upstream package source and consider running the CLI in an isolated environment (CI container or sandbox) first.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/rewrite.js:14: Shell command execution detected (child_process).



