xg-markdown-to-html

Security checks across malware telemetry and agentic risk

Overview

This Markdown-to-HTML skill appears generally purpose-related, but it includes guidance on Pandoc filters, which can run code, and its activation scope is broader than necessary.

Review this skill before installing. It may be acceptable for trusted Markdown conversion work, but avoid using Pandoc Lua filters or external filters on untrusted documents unless you explicitly inspect and approve the filter code and command arguments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The reference explicitly includes use of Lua filters and external Pandoc filters, which can execute custom code or invoke external tooling during document conversion. In a Markdown-to-HTML skill, this materially expands the attack surface from document rendering to code execution pathways, making malicious documents or instructions far more dangerous if an agent follows this guidance.

Vague Triggers

Medium
Confidence: 94%
Finding
The skill description is scoped so broadly that it can activate for generic Markdown, HTML templating, or static-site tasks that may not actually require this specific skill. Over-broad routing increases the chance the agent applies unsafe or overly specific guidance in unrelated contexts, which can lead to inappropriate tool use or missed security distinctions around trusted vs. untrusted content.

Vague Triggers

Medium
Confidence: 92%
Finding
The activation examples are ambiguous and largely one-sided, listing many situations where the skill might apply without defining boundaries where it should not. This can cause misrouting into a conversion-focused skill during broader site-generation or content-processing tasks, where security controls and context-specific handling may differ significantly.

VirusTotal

VirusTotal findings are pending for this skill version.
