Back to skill

Security audit

Claw Markdown Preview

Security checks across malware telemetry and agentic risk

Overview

This skill is a local Markdown preview/editor with disclosed local file writes and no artifact-backed evidence of exfiltration or destructive behavior.

Install only if you are comfortable with a local browser preview that can overwrite the Markdown file you open and save pasted images into an images folder. Avoid previewing untrusted Markdown, because the renderer allows raw HTML and some optional themes load remote decorative images.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.obfuscated_code

Potential obfuscated payload detected.

Warn
Code
suspicious.obfuscated_code
Location
assets/lib/markdown-it.min.js:2