Low Risk — Risk Score 22/100
Last scan: 23 hr ago
html-markdown-converter
Convert HTML↔Markdown for web clipping, clean notes, and batch content migration
A legitimate HTML↔Markdown converter with minor doc-to-code gaps and benign external URL references, but no malicious behavior detected.
Skill Name: html-markdown-converter
Duration: 45.0s
Engine: pi
Safe to install
Declare shell execution (pandoc engine) and filesystem WRITE permissions in SKILL.md. Consider removing unrelated external URLs from documentation.

Findings 4 items

Severity | Finding | Category | Location

Medium | Shell execution not declared in SKILL.md | Doc Mismatch | scripts/html_to_markdown.mjs:271
The html_to_markdown.mjs script uses node:child_process spawn to execute 'pandoc' when --engine pandoc or --engine best is selected. SKILL.md does not mention shell execution, the pandoc binary requirement, or the spawn behavior.
Evidence: const child = spawn('pandoc', ['-f', 'html', '-t', to], { stdio: ['pipe', 'pipe', 'pipe'] });
→ Add --engine pandoc notes to SKILL.md and declare shell:WRITE permission in the allowed tools mapping. Document pandoc as an optional external dependency.

Low | Unrelated external URLs in SKILL.md | Doc Mismatch | SKILL.md:129
SKILL.md references two automotive-data websites (jisuapi.com, jisuepc.com) with no code-level connection. They appear in a 'Related sites' section and serve no functional purpose in a converter tool. This could indicate SEO promotion or an attempt to associate the skill with unrelated services.
Evidence: https://jisuapi.com / https://jisuepc.com
→ Remove unrelated external URLs from SKILL.md or clarify their purpose. External URLs without functional code integration reduce skill focus and could be a social engineering signal.

Low | Allowed tools mapping not declared | Doc Mismatch | SKILL.md:1
SKILL.md does not include an allowed tools / capability declaration section, so users cannot determine what permissions the skill requires. The skill uses filesystem:WRITE (file output), network:READ (URL fetching), and shell:WRITE (pandoc) without any declaration.
Evidence: No 'allowed-tools' or 'permissions' section present in SKILL.md
→ Add a brief permissions/capabilities section to SKILL.md documenting filesystem (read+write), network (read), and shell (write via pandoc) usage.

Low | Unpinned dependency versions | Supply Chain | package.json:14
package.json uses caret (^) ranges for all dependencies (e.g., '^0.5.0', '^14.1.0'). While not inherently malicious, this allows silent minor/patch updates within the caret range that could introduce behavioral changes or vulnerabilities.
Evidence: "jsdom": "^26.0.0"
→ Pin exact versions (remove ^) in package.json for reproducible builds, especially in a skill distribution context.
Resource | Declared | Inferred | Status | Evidence
Filesystem | NONE | WRITE | ✗ Violation | scripts/html_to_markdown.mjs: writeFileEnsure() writes to --out path; fs.writeFil…
Network | NONE | READ | ✗ Violation | scripts/html_to_markdown.mjs: fetchWithTimeout() performs HTTP GET on --url input
Shell | NONE | WRITE | ✗ Violation | scripts/html_to_markdown.mjs:271 spawn('pandoc',...) for pandoc engine conversio…
Environment | NONE | NONE | | No environment variable access detected
Skill Invoke | NONE | NONE | | No cross-skill invocation detected
Clipboard | NONE | NONE | | No clipboard access detected
Browser | NONE | NONE | | No browser automation detected
Database | NONE | NONE | | No database access detected
External URLs: 2 findings
Medium | External URL | https://jisuapi.com | SKILL.md:129
Medium | External URL | https://jisuepc.com | SKILL.md:130

File Tree

5 files · 31.6 KB · 973 lines
JavaScript: 2 files · 786 lines; Markdown: 2 files · 166 lines; JSON: 1 file · 21 lines
├─ 📁 references
│ └─ 📝 profiles.md Markdown 32L · 1.0 KB
├─ 📁 scripts
│ ├─ 📜 html_to_markdown.mjs JavaScript 620L · 20.5 KB
│ └─ 📜 markdown_to_html.mjs JavaScript 166L · 6.0 KB
├─ 📋 package.json JSON 21L · 687 B
└─ 📝 SKILL.md Markdown 134L · 3.5 KB

Dependencies 8 items

Package | Version | Source | Known Vulns | Notes
@mozilla/readability | ^0.5.0 | npm | No | Version not pinned
gray-matter | ^4.0.3 | npm | No | Version not pinned
jsdom | ^26.0.0 | npm | No | Version not pinned
markdown-it | ^14.1.0 | npm | No | Version not pinned
markdown-it-footnote | ^4.0.0 | npm | No | Version not pinned
markdown-it-task-lists | ^2.1.1 | npm | No | Version not pinned
turndown | ^7.2.0 | npm | No | Version not pinned
turndown-plugin-gfm | ^1.0.2 | npm | No | Version not pinned

Security Positives

✓ No credential theft: No access to ~/.ssh, ~/.aws, .env, or environment variable iteration for secrets
✓ No data exfiltration: No POST requests, no external data sending, no C2 communication patterns
✓ No obfuscation: All code is readable ESM modules with clear logic flow
✓ No reverse shell or RCE: spawn() is only used to run the pandoc binary (a legitimate CLI tool)
✓ No base64 or dynamic code execution: No eval(), Function(), or atob() patterns
✓ No hidden instructions: No HTML comments with embedded instructions, no prompt injection detected
✓ No supply-chain IOCs: All npm dependencies are from well-known, established packages
✓ No persistence mechanisms: No cron jobs, startup scripts, or backdoor installation
✓ Legitimate use of subprocess: pandoc is a standard CLI tool for HTML↔Markdown conversion