Skill v1.0.0

ClawScan security

Mdnew · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 14, 2026, 10:57 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill does what it claims (forwards a user-supplied URL to the external markdown.new service and prints the returned Markdown), but it will send arbitrary target URLs to an unknown third-party service with no safeguards—this risks leaking sensitive URLs or content and the SKILL.md/code provide no warnings or validation.
Guidance
This skill will instruct an external service (markdown.new) to fetch whatever URL you pass it. That can leak sensitive data in two ways: (1) URLs often contain tokens or query parameters that reveal secrets, and (2) you may unintentionally ask the external service to fetch internal-only endpoints. Before installing or using: (a) verify who runs markdown.new and whether you trust that operator, (b) never pass URLs containing secrets or authentication tokens, (c) avoid pointing the tool at internal/private network addresses, (d) consider adding URL validation/whitelisting or percent-encoding before sending, and (e) if you need to process sensitive pages, run a local/managed converter instead of an unknown third party. If you want me to, I can suggest safer local alternatives or propose a small patched script that validates/encodes URLs and warns about internal addresses.

Review Dimensions

Purpose & Capability
ok: Name/description match the actual behavior: the script queries markdown.new for a converted Markdown version of a provided URL. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
concern: The runtime instructions and script instruct the agent to send arbitrary target URLs to an external service (https://markdown.new/<url>) and then print the response. There is no input validation, no URL encoding, and no warning about sending internal or sensitive URLs or query strings to a third party. That means URL contents or secrets embedded in URLs could be exposed to an external operator.
Install Mechanism
ok: Instruction-only skill with an included small Python script and no install steps—no code is downloaded at install time. This is lower risk from an installation perspective.
Credentials
ok: The skill requests no environment variables or credentials, which is consistent with its stated purpose. However, the code nonetheless causes data about arbitrary targets to be transmitted to a third party, which is not controlled by environment settings.
Persistence & Privilege
ok: always:false (no forced inclusion). The skill can be invoked autonomously by default (platform normal), but it does not request persistent privileges or modify other skills.