Html Markdown Converter

Security checks across malware telemetry and agentic risk

Overview

This appears to be a URL-to-Markdown utility whose network fetching is expected for its purpose, with no artifact-backed evidence of hidden or destructive behavior.

Install only if you are comfortable with the skill making outbound requests to URLs you provide. Avoid using it on private intranet, metadata-service, localhost, or credential-bearing URLs unless you understand the exposure risk, and review generated Markdown before sharing it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: This skill can fetch arbitrary user-supplied URLs and entire URL lists, causing outbound network requests without any explicit warning, allowlist, or SSRF-style restriction. In environments where the agent can reach internal services or sensitive metadata endpoints, an attacker could use this feature to probe internal resources or exfiltrate fetched content into generated markdown and reports.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal