ClawHub

XML

Parse, generate, and transform XML with correct namespace handling and encoding.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
2 · 845 · 2 current installs · 2 all-time installs
byIván@ivangdavila
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description claim XML parsing/generation/transform guidance and the SKILL.md contains only XML best-practices and pitfalls; nothing requested (no env vars, binaries, or installs) is out of scope.
Instruction Scope
The SKILL.md is purely documentation-style guidance (namespaces, encoding, escaping, XPath, validation). It does not instruct the agent to read files, call external endpoints, access credentials, or perform system-wide operations.
Install Mechanism
No install spec or code files are present. Because this is instruction-only, there is nothing written to disk or fetched at install time.
Credentials
No environment variables, credentials, or config paths are required; requested access is minimal and proportional to the described functionality.
Persistence & Privilege
Skill is not always-enabled and does not request persistent or elevated privileges. Autonomous invocation is permitted by default on the platform but there are no additional privileges requested by the skill itself.
Assessment
This skill is just a collection of XML best-practice notes — low risk because it contains no code, no install steps, and requests no credentials. Before installing, consider whether you need only static guidance (you can consult the same points from other XML references) and whether you trust the skill publisher. If you plan to have the agent act on real files using these instructions, review any future agent actions the skill triggers (file reads/writes, network calls) since those actions — not this static doc — carry risk.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97b9tmcazrxz0q6q0tyyndths80wy6c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📄 Clawdis
OSLinux · macOS · Windows

SKILL.md

Namespaces

  • XPath /root/child fails if document has default namespace—use //*[local-name()='child'] or register prefix
  • Default namespace (xmlns="...") applies to elements, not attributes—attributes need explicit prefix
  • Namespace prefix is arbitrary—<foo:element> and <bar:element> are identical if both prefixes map to same URI
  • Child elements don't inherit parent's prefixed namespace—each must declare or use prefix explicitly

Encoding

  • <?xml version="1.0" encoding="UTF-8"?> must match actual file encoding—mismatch corrupts non-ASCII
  • Encoding declaration must be first thing in file—no whitespace or BOM before it (except UTF-8 BOM allowed)
  • Default encoding is UTF-8 if declaration omitted—but explicit is safer across parsers

Escaping & CDATA

  • Five entities always escape in text: &amp; &lt; &gt; &quot; &apos;
  • CDATA sections <![CDATA[...]]> for blocks with many special chars—but ]]> inside CDATA breaks it
  • Attribute values: use &quot; if delimited by ", or &apos; if delimited by '
  • Numeric entities &#60; and &#x3C; work everywhere—useful for edge cases

Whitespace

  • Whitespace between elements is preserved by default—pretty-printing adds nodes that may break processing
  • xml:space="preserve" attribute signals whitespace significance—but not all parsers respect it
  • Normalize-space in XPath: normalize-space(text()) trims and collapses internal whitespace

XPath Pitfalls

  • //element is expensive—traverses entire document; use specific paths when structure is known
  • Position is 1-indexed: [1] is first, not [0]
  • text() returns direct text children only—use string() or . for concatenated descendant text
  • Boolean in predicates: [@attr] tests existence, [@attr=''] tests empty value—different results

Structure

  • Self-closing <tag/> and empty <tag></tag> are semantically identical—but some legacy systems choke on self-closing
  • Comments cannot contain --—will break parser even inside string content
  • Processing instructions <?target data?> cannot have ?> in data
  • Root element required—document with only comments/PIs and no element is invalid

Validation

  • Well-formed ≠ valid—parser may accept structure but fail against schema
  • DTD validates but can't express complex constraints—prefer XSD or RelaxNG for new projects
  • XSD namespace xmlns:xs="http://www.w3.org/2001/XMLSchema" commonly confused with instance namespace

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…