Huo15 Markdown Export
AdvisoryAudited by Static analysis on May 12, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running this helper could make the skill active across many workspaces or chat contexts, not just the one where the user intended to install it.
The optional installer propagates this skill into every matching OpenClaw workspace and agent/wecom workspace, changing where the skill is available beyond the current workspace.
for ws in "$OPENCLAW_HOME"/workspace-wecom-*/; do ... install_into_workspace ...; ... for ws in "$OPENCLAW_HOME"/workspace-agent-*/ "$OPENCLAW_HOME"/agents/wecom-*/; do ... install_into_workspace
Use the workspace installer only after reviewing the target list with --dry-run. Prefer an explicit per-workspace install or add confirmation prompts before writing to multiple workspaces.
Opening generated HTML or previewing Markdown may execute third-party code that was not bundled or pinned with the skill.
Generated HTML/preview output loads Mermaid JavaScript from a remote CDN using a broad major-version selector, so code executed in the browser may change outside this skill package.
import mermaid from 'https://cdn.jsdelivr.net/npm/mermaid@10/dist/mermaid.esm.min.mjs';
Vendor Mermaid locally or pin an exact version with integrity checks. Clearly disclose that Mermaid rendering requires remote JavaScript, or default to offline/no-Mermaid mode.
If a user renders Markdown from an untrusted source, the resulting preview or HTML file may run embedded browser code.
Raw HTML is enabled in Markdown rendering, and the rendered body is inserted into generated HTML. Untrusted Markdown could therefore include active HTML or scripts in preview/shared output.
const md = new MarkdownIt({
html: true,
linkify: true,Disable raw HTML by default, sanitize HTML, or add a clearly documented trusted-input mode for users who intentionally need raw HTML support.
A private Markdown document preview could be reachable by other devices on the same network if firewall settings allow it.
The preview server advertises localhost, but server.listen(port) does not explicitly bind to 127.0.0.1. In Node this can listen on all interfaces, exposing the rendered Markdown to the local network.
server.listen(port, () => {
console.error(`✓ live preview: http://127.0.0.1:${port}/ watching ${absInput}`);Bind explicitly to 127.0.0.1 by default, add an explicit --host option for network sharing, and warn users when serving anything beyond localhost.
A generated PDF, image, HTML file, or document could be sent to a chat channel or exposed through a sharing link when the user asks to share/publish.
The share workflow instructs the agent to send generated files through available chat/upload tools or create public URLs. This matches the share/publish purpose, but it is a high-impact action if used on sensitive documents.
"tools_pattern": ["wecom_send_file", "wechat_send_file", "dingtalk_send_file", "channel_send_file", "huo15_wecom_send_file", "*_send_file", "*_upload_file"],
Use share/publish commands only for documents intended to leave the local machine. Confirm the destination and prefer short-lived links or direct file sending where appropriate.
Sensitive Markdown content may remain in a local knowledge archive after publishing.
The publish flow archives the original Markdown into a persistent knowledge directory, including metadata such as source path and later share URLs.
KB_DIR="$HOME/knowledge/huo15" ... KB_ARCHIVE_PATH="$KB_DIR/${TODAY}-${SLUG}.md" ... cat "$ABS_INPUT"Use --no-archive for sensitive documents, or choose a controlled --kb-dir with appropriate retention and access controls.