ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Quicksort Markdown

v1.0.0

Sort markdown file headings and nested content alphabetically to organize notes efficiently.

0· 23·0 current·0 all-time
by@albionaiinc-del
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (sorting markdown headings) matches the included Python script: the tool reads markdown and outputs sorted lines. However SKILL.md shows usage invoking quicksort_markdown.py while the repository provides tool.py (filename mismatch). The SKILL.md also mentions a price string ($2.50) unrelated to runtime. These inconsistencies suggest sloppy packaging but not malicious intent.
Instruction Scope
Runtime instructions are limited to running the Python script on a local file or stdin/stdout. Neither the instructions nor the code access network, environment variables, or unrelated filesystem paths. The code only reads the provided input file (or stdin) and writes the specified output.
Install Mechanism
No install spec is provided (instruction-only skill plus a local script). Nothing is downloaded or written to disk at install time beyond the included files.
Credentials
The skill requires no environment variables, credentials, or config paths. The code operates solely on provided input/output streams.
Persistence & Privilege
The skill does not request persistent privileges; always:false and normal invocation semantics apply. It does not modify other skills or system configurations.
What to consider before installing
This tool appears to be a simple local Markdown sorter, but the package has a few packaging/implementation issues. Before installing or using it: 1) Inspect the script (tool.py) locally — it does not contact the network or read secrets. 2) Note the SKILL.md uses a different filename (quicksort_markdown.py) — either rename the script or call it directly (python tool.py). 3) Test on a copy of your notes (keep a backup or use version control) — the sorting logic has bugs that may reorder sections unexpectedly (e.g., top-level selection logic is odd). 4) If you will run it on sensitive files, read through the code line-by-line to gain confidence. If you prefer, use a well-maintained alternative tool or library with more robust parsing. If you want, I can point out the specific lines in tool.py that are likely buggy and suggest fixes.

Like a lobster shell, security has layers — review code before you run it.

latestvk978w9pkhjgv3np3kjw2rg62eh84wyn2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments