treemd
PassAudited by ClawScan on May 6, 2026.
Overview
This appears to be a benign Markdown-navigation skill, with the main caveat that it relies on an external treemd CLI the user must trust and install separately.
Before installing, verify the treemd CLI source and version, and use the skill only on Markdown files you intend the agent to inspect. The provided artifacts do not show hidden code, credential use, persistence, or data exfiltration.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may run treemd commands on Markdown files you provide or direct it to inspect.
The skill explicitly directs the agent to run a local CLI for Markdown analysis. This is central to the stated purpose, but users should understand that local command execution and file reading are part of normal operation.
For scripted/agent tasks, always use CLI mode. TUI mode is reserved for human interactive viewing.
Use it on documents you are comfortable having the agent analyze, and keep command use scoped to intended Markdown files.
Installing the external treemd binary expands the trust boundary beyond the skill text reviewed here.
The skill relies on an external CLI installed outside the reviewed instruction-only package. This is expected for this skill, but it shifts trust to the Cargo package or GitHub release.
> **Install**: `cargo install treemd` or download binary from [releases](https://github.com/Epistates/treemd/releases)
Install treemd only from a trusted source, prefer pinned versions or verified releases when possible, and review the upstream project if using it in sensitive environments.