ClawHub

Markdown转Notion转换器

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill appears intended to convert Markdown through a third-party API, but it exposes broader remote tool-calling code and stores the API key in a local .env file without enough scoping or user control.

Review this before installing. Use it only with Markdown you are comfortable sending to xiaobenyang.com, and treat the XBY_APIKEY as a persistent local secret because it will be written to .env. Prefer a version that limits remote calls to the single conversion endpoint, validates parameters, avoids generic MCP dispatch, and uses an environment variable or proper secret store instead of writing the key to disk.

SkillSpector (8)

By NVIDIA

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The documentation frames the skill as a local content-format converter, but the required workflow depends on obtaining an external API key and routing data through a remote service. In this context, the discrepancy increases risk because users may unknowingly send proprietary Markdown content and authentication material to a third party.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The file implements a generic authenticated remote MCP API client, which is materially broader than a Markdown-to-Notion converter described in the skill metadata. This capability mismatch is dangerous because it can proxy arbitrary remote tool invocations through attacker-controlled or misconfigured tool names and parameters, expanding the skill's effective privileges and obscuring what users and reviewers believe the skill can do.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The call_tool method accepts arbitrary tool_name and params and forwards them to an external service with authentication headers, effectively creating a generic external tool dispatcher. In the context of a Markdown conversion skill, this unjustified capability increases the risk of unauthorized actions, data exfiltration, or abuse of upstream tools beyond the narrow conversion use case users expect.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
This module implements API key persistence and secret-management behavior that is unrelated to the declared Markdown-to-Notion conversion purpose. In a skill context, unexplained credential storage broadens the trust boundary and can expose secrets through local filesystem compromise, accidental commits, or reuse by unrelated code.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The code both reads and writes API credentials from a local .env file, creating an unnecessary local secret storage mechanism for a document-conversion skill. This increases the chance of credential leakage via source control, backups, multi-user systems, or other local processes that can read the file.

Intent-Code Divergence

Medium
Confidence
86% confidence
Finding
The class docstring references an unrelated gaokao skill, while the metadata claims this is a Markdown-to-Notion converter. Such mismatches are a supply-chain red flag because they suggest copied or repurposed code, making it harder to trust the component's true behavior and increasing the risk of hidden functionality.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The function persists an API key to .env without any warning, consent flow, or notice about persistence. Silent credential storage is dangerous because users may assume a temporary in-memory setting while the secret is actually written to disk and may later be exposed.

Ssd 3

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to collect a user-provided API key and then directly display raw API output. In a remote API workflow, raw responses can include echoed credentials, request metadata, error traces, or other sensitive content, creating an avoidable data exposure risk.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal