html-markdown-converter 安全扫描报告 — 低风险 | ClawSafe

22 /100

html-markdown-converter

Convert HTML↔Markdown for web clipping, clean notes, and batch content migration

A legitimate HTML↔Markdown converter with minor doc-to-code gaps and benign external URL references, but no malicious behavior detected.

技能名称html-markdown-converter

分析耗时45.0s

引擎pi

✓

可以安装

Declare shell execution (pandoc engine) and filesystem WRITE permissions in SKILL.md. Consider removing unrelated external URLs from documentation.

安全发现 4 项

严重性	安全发现	位置
中危	Shell execution not declared in SKILL.md 文档欺骗 The html_to_markdown.mjs script uses node:child_process spawn to execute 'pandoc' when --engine pandoc or --engine best is selected. SKILL.md does not mention shell execution, the pandoc binary requirement, or the spawn behavior. `const child = spawn('pandoc', ['-f', 'html', '-t', to], { stdio: ['pipe', 'pipe', 'pipe'] });` → Add --engine pandoc notes to SKILL.md and declare shell:WRITE permission in the allowed tools mapping. Document pandoc as an optional external dependency.	`scripts/html_to_markdown.mjs:271`
低危	Unrelated external URLs in SKILL.md 文档欺骗 SKILL.md references two automotive-data websites (jisuapi.com, jisuepc.com) with no code-level connection. These appear in a 'Related sites' section and serve no functional purpose in a converter tool. Could indicate SEO promotion or an attempt to associate the skill with unrelated services. `https://jisuapi.com / https://jisuepc.com` → Remove unrelated external URLs from SKILL.md or clarify their purpose. External URLs without functional code integration reduce skill focus and could be a social engineering signal.	`SKILL.md:129`
低危	Allowed tools mapping not declared 文档欺骗 SKILL.md does not include an allowed tools / capability declaration section. Users cannot determine what permissions the skill requires. The skill uses filesystem:WRITE (file output), network:READ (URL fetching), and shell:WRITE (pandoc) without any declaration. `No 'allowed-tools' or 'permissions' section present in SKILL.md` → Add a brief permissions/capabilities section to SKILL.md documenting filesystem (read+write), network (read), and shell (write via pandoc) usage.	`SKILL.md:1`
低危	Unpinned dependency versions 供应链 package.json uses caret (^) ranges for all dependencies (e.g., '^0.5.0', '^14.1.0'). While not inherently malicious, this allows silent major/minor updates that could introduce behavioral changes or vulnerabilities. `"jsdom": "^26.0.0"` → Pin exact versions (remove ^) in package.json for reproducible builds, especially in a skill distribution context.	`package.json:14`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`WRITE`	✗ 越权	scripts/html_to_markdown.mjs:writeFileEnsure() writes to --out path; fs.writeFil…
网络访问	`NONE`	`READ`	✗ 越权	scripts/html_to_markdown.mjs:fetchWithTimeout() performs HTTP GET on --url input
命令执行	`NONE`	`WRITE`	✗ 越权	scripts/html_to_markdown.mjs:271 spawn('pandoc',...) for pandoc engine conversio…
环境变量	`NONE`	`NONE`	—	No environment variable access detected
技能调用	`NONE`	`NONE`	—	No cross-skill invocation detected
剪贴板	`NONE`	`NONE`	—	No clipboard access detected
浏览器	`NONE`	`NONE`	—	No browser automation detected
数据库	`NONE`	`NONE`	—	No database access detected

2 项发现

🔗

中危外部 URL 外部 URL

https://jisuapi.com

SKILL.md:129

🔗

中危外部 URL 外部 URL

https://jisuepc.com

SKILL.md:130

目录结构

5 文件 · 31.6 KB · 973 行

JavaScript 2f · 786L Markdown 2f · 166L JSON 1f · 21L

├─ ▾ 📁 references

│ └─ 📝 profiles.md Markdown 32L · 1.0 KB

├─ ▾ 📁 scripts

│ ├─ 📜 html_to_markdown.mjs JavaScript 620L · 20.5 KB

│ └─ 📜 markdown_to_html.mjs JavaScript 166L · 6.0 KB

├─ 📋 package.json JSON 21L · 687 B

└─ 📝 SKILL.md Markdown 134L · 3.5 KB

依赖分析 8 项

包名	版本	来源	已知漏洞	备注
`@mozilla/readability`	`^0.5.0`	npm	否	Version not pinned
`gray-matter`	`^4.0.3`	npm	否	Version not pinned
`jsdom`	`^26.0.0`	npm	否	Version not pinned
`markdown-it`	`^14.1.0`	npm	否	Version not pinned
`markdown-it-footnote`	`^4.0.0`	npm	否	Version not pinned
`markdown-it-task-lists`	`^2.1.1`	npm	否	Version not pinned
`turndown`	`^7.2.0`	npm	否	Version not pinned
`turndown-plugin-gfm`	`^1.0.2`	npm	否	Version not pinned

安全亮点

✓ No credential theft: No access to ~/.ssh, ~/.aws, .env, or environment variable iteration for secrets

✓ No data exfiltration: No POST requests, no external data sending, no C2 communication patterns

✓ No obfuscation: All code is readable ESM modules with clear logic flow

✓ No reverse shell or RCE: spawn() only used for pandoc binary (a legitimate CLI tool)

✓ No base64 or dynamic code execution: No eval(), Function(), or atob() patterns

✓ No hidden instructions: No HTML comments with embedded instructions, no prompt injection detected

✓ No supply-chain IOCs: All npm dependencies are from well-known, established packages

✓ No persistence mechanisms: No cron jobs, startup scripts, or backdoor installation

✓ Legitimate use of subprocess: pandoc engine is standard CLI tool for HTML↔Markdown conversion