by 安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill appears to do what it says: it runs a bundled Python script to convert a Markdown file to HTML. Before installing or running it, consider: (1) The script will read any local files referenced by image links in the Markdown (including absolute paths) and embed their bytes into the output when --embed-images is used — do not run it on untrusted Markdown that points to sensitive local files. (2) The generated HTML may include raw HTML from the input and can therefore execute scripts when ...详细分析 ▾
✓ 用途与能力
Name/description match the included script and SKILL.md: the tool converts markdown to styled HTML, supports directive blocks, and optionally embeds/compresses local images. No unexplained credentials, binaries, or config paths are requested.
ℹ 指令范围
SKILL.md instructs the agent to run the included Python script on an input .md and output an .html file. The script will read the input markdown and any local files referenced by image links (relative to the input file). It does not contact external endpoints. Be aware the generated HTML may include raw HTML from the Markdown and thus can contain active script/content if the input includes it.
✓ 安装机制
No install spec is provided (instruction-only with an included script). Nothing is downloaded from external URLs; code is bundled with the skill. This is low install risk.
✓ 凭证需求
The skill requires no environment variables, credentials, or system config paths. The only filesystem access performed is reading the input Markdown and any local image files referenced by it (expected for image embedding).
✓ 持久化与权限
always is false and the skill does not request persistent or elevated platform privileges. It does not modify other skills or system-wide settings.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/10
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install md-to-page
镜像加速npx clawhub@latest install md-to-page --registry https://cn.longxiaskill.com