Markdown Ai Rewriter

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent Markdown rewriting skill, but it uses external AI providers, API keys, and an npm package that users should verify before use.

Before installing, verify the npm package source and version, configure only the API key for the provider you plan to use, and avoid sending sensitive Markdown or media to external providers unless you are comfortable with that provider's data handling.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill may spend credits or quota on the selected AI provider account.

Why it was flagged

The skill documents many provider API keys for model, image, and video services. This is expected for the stated functionality, but these credentials can grant paid account access.

Skill content

OPENAI_API_KEY: "OpenAI API Key" ... ANTHROPIC_API_KEY ... GEMINI_API_KEY ... RUNWAY_API_KEY
Recommendation

Configure only the provider key you intend to use, prefer least-privileged or project-scoped keys where available, and monitor provider usage.

What this means

If the installed npm package or local node_modules copy is not the expected one, the imported code would run with the same access as the skill.

Why it was flagged

The launcher executes the external npm package's CLI via dynamic import, including resolution from standard node_modules locations. This is central to the skill, but it makes package provenance important.

Skill content

const PINNED_PACKAGE = 'markdown-ai-rewriter'; ... path.join(process.cwd(), 'node_modules'), ... await import(pathToFileURL(entry).href);
Recommendation

Install the documented markdown-ai-rewriter@1.2.5 package from a trusted registry/source and avoid invoking the skill from directories with untrusted same-named packages.

What this means

Private Markdown content, referenced media, or prompts may be processed by the selected external AI provider.

Why it was flagged

The documentation states that Markdown sections or full documents are sent as model requests. This is expected for rewriting, but it means document content may leave the local environment.

Skill content

`section` (default) | split at headings of the specified level and call the model once per section ... `full` | send the whole document in a single request
Recommendation

Do not use the skill on confidential content unless the chosen provider and account settings meet your privacy and compliance requirements.