Skill v1.1.4
ClawScan security
Html Markdown Converter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 18, 2026, 10:32 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is largely consistent with an HTML↔Markdown converter, but there are small incoherences (an imported child_process spawn suggesting optional external binaries such as pandoc, an unrelated set of referenced sites, and a package/version mismatch), and one included source file was truncated, so its full behavior could not be inspected.
- Guidance: what to consider before installing.
  - Network & file I/O: the tool can fetch arbitrary URLs and batch-process directories. Only run it on machines or agents that are allowed to access the network and the target files. Be careful feeding it internal or sensitive URLs if you don't want the agent to fetch them.
  - Optional external binary: the converter offers an 'engine' option that includes 'pandoc', and the code imports child_process.spawn; this implies it may call an external pandoc binary when that engine is requested. If you rely on that mode, install pandoc yourself and be aware the script may spawn external processes. The skill metadata does not declare this binary requirement.
  - Unrelated links & metadata mismatch: SKILL.md references automotive APIs, and the package.json version differs from the registry metadata. This is likely harmless (copy-paste or doc drift) but a sign the bundle wasn't tightly curated. Ask the publisher for clarification if that matters to you.
  - Truncated file: the html_to_markdown.mjs content provided was truncated in the review bundle; the remainder could contain additional behavior (e.g., spawn usage or other network calls). If you need high assurance, request the full source or run the scripts in an isolated environment first.
  - Safe practice: run the tool on non-sensitive sample data first, inspect outputs and any external process calls (strace / process monitor), and prefer running it in a sandbox/container if you will process untrusted inputs or many URLs.
Review Dimensions
- Purpose & Capability: note
  - Name/description match the included code: the scripts perform HTML→Markdown and Markdown→HTML conversions, support file/URL/batch modes, and use jsdom/readability/turndown/markdown-it as expected. Minor mismatch: the script accepts an engine option that includes 'pandoc' and the module imports child_process.spawn, suggesting it may invoke an external binary (pandoc) when that engine is selected, but the skill's metadata does not declare that an external binary is required or optional. Also, SKILL.md includes two unrelated automotive site links (jisuapi/jisuepc) that don't relate to conversion functionality.
- Instruction Scope: ok
  - Runtime instructions (SKILL.md) are focused on conversion: reading files, directories, and URL lists, fetching pages, and writing outputs/reports. Those actions align with the stated purpose. The scripts will fetch arbitrary URLs (network activity) and read/write filesystem paths provided by the user (expected for batch conversion).
- Install Mechanism: ok
  - No install spec (instruction-only plus bundled scripts); dependencies are normal npm packages listed in package.json. No remote downloads or archive extraction. This is a lower-risk install mechanism.
- Credentials: ok
  - The skill declares no required environment variables or credentials. The scripts do network fetches and file system reads/writes, which are proportional to the conversion use case. There are no unexpected credential or config path requests.
- Persistence & Privilege: ok
  - The skill is not always-enabled and does not request any system-wide privileges. It reads/writes files in user-specified paths only. Autonomous invocation is enabled by default (normal for skills) but is not combined with other high-risk flags.
