Local Markdown Editor with Live Preview (Local Markdown Web Editor)
Suspicious. Audited by ClawScan on May 10, 2026.
Overview
This local Markdown editor is purpose-aligned, but its local web server exposes file read/write controls too broadly and has an unsafe URL-to-script injection point.
Only run this server when you need it, avoid opening untrusted links or browsing untrusted sites while it is running, and do not use it for sensitive files unless CORS, path restrictions, and URL escaping are fixed.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the server is running, another local process, or any web page able to reach the localhost API, could read or overwrite files that the user account can access.
The Flask API exposes file read/write operations using request-supplied paths and enables cross-origin browser access for all routes. The shown code does not restrict callers to the editor UI, restrict paths to a workspace, or limit operations to Markdown files.
    CORS(app)  # Enable CORS for all routes
    ...
    filepath = request.args.get('path')
    ...
    content = read_file(filepath)
    ...
    filepath = data.get('path')
    ...
    success, message = save_file(filepath, content)

Restrict CORS to the editor origin, add a per-session token or CSRF protection, require explicit confirmation for saves, and confine file operations to user-approved Markdown paths.
A malicious link to the local editor could run JavaScript in the editor context and then call the local file APIs while the server is active.
The URL file parameter is inserted directly into a JavaScript string without JSON or HTML escaping. A crafted parameter could break out of the string and run script in the local editor page.
    file_param = request.args.get('file')
    ...
    html_content = html_content.replace('const initialFilePath = null;',
                                        f'const initialFilePath = "{file_param}";')

Serialize the value with a safe JSON encoder, escape HTML/script contexts, and reject unexpected characters or paths before injecting URL parameters into the page.
A CDN outage or compromised dependency could affect the editor page and, because the page controls local file APIs, could have higher impact than a normal static webpage dependency.
The editor loads third-party CDN code into the same page that can interact with the local file APIs. This is disclosed as CDN use, but the snippets show no integrity pins or vendored copies.
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css">
    <script src="https://cdn.jsdelivr.net/npm/marked/marked.min.js"></script>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.0.5/purify.min.js"></script>

Prefer vendored or pinned dependencies with Subresource Integrity, and avoid loading remote scripts in a local-file editor when offline operation is claimed.
