ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Markdown Linter

v1.0.0

Validates Markdown files in the workspace for broken local links, missing file references, and basic syntax issues. Use to maintain documentation integrity a...

0· 744·0 current·0 all-time
byWANGJUNJIE@wanng-ide
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Markdown linter) aligns with what the package does: recursively find .md files, check local link targets, header/code-block heuristics. The included test script exercises the linter in a small temporary directory which is consistent with the declared purpose.
Instruction Scope
The runtime instructions and index.js stay within scope (reading workspace files, validating links). One noteworthy behavior: links starting with '/' are handled via path.join(rootDir, linkUrl) in code comments, but because path.join will treat an absolute linkUrl as an absolute path, the linter will end up checking absolute system paths (e.g., '/etc/passwd') if such links appear in scanned Markdown. The linter does not send data externally or access environment variables.
Install Mechanism
No install spec is provided (instruction-only), and there are no declared dependencies. This lowers risk: nothing is downloaded or written during installation beyond normal use of the included JS files.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The code only uses fs/path APIs and does not reference process.env or other secrets.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system configuration, and requires no persistent privileges. It runs on-demand and can be invoked by the agent as normal.
Assessment
This linter appears to do what it says: it walks the workspace, reads Markdown files, and checks whether linked files exist. It does not transmit data or require credentials. Two practical cautions before using it on sensitive workspaces: (1) if Markdown files contain links that point to absolute paths (starting with '/'), the linter will check those absolute system paths and will report whether they exist — avoid scanning untrusted content that could intentionally probe your filesystem; (2) as with any code-runner, review the included files yourself and run the test in an isolated/sandbox environment first. If you need to prevent absolute-path checks, run the linter with a controlled rootDir or modify the code to explicitly treat leading '/' as relative to the project root only.

Like a lobster shell, security has layers — review code before you run it.

latestvk977y7z85f6x85tjwzt977bk3d8177ts

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments