Low Risk — Risk Score 15/100
Last scan: 1 day ago
zhy-markdown2wechat
Converts Markdown to WeChat-compatible inline HTML with theme styles
The skill is a legitimate Markdown-to-WeChat HTML converter with minor documentation gaps but no malicious behavior detected.
Skill Name: zhy-markdown2wechat
Duration: 32.1s
Engine: pi
Safe to install
The skill is safe to use. Consider documenting the npm install behavior explicitly in SKILL.md for full transparency.

Findings 2 items

Columns: Severity | Finding | Category | Location

1. Low | Shell execution not explicitly declared | Doc Mismatch | scripts/convert.js:12
   SKILL.md describes node execution but does not explicitly mention that child_process.execSync is used for npm package installation. While '零部署' ("zero deployment") implies this behavior, an explicit declaration would improve transparency.
   Evidence: cp.execSync(`npm install ${packageName} --no-save`, { cwd: tempDir, stdio: 'ignore' })
   → Add a note in SKILL.md: 'Script automatically installs marked@4 and juice@8 dependencies to a temp directory using npm install.'

2. Low | Implicit network access for npm packages | Supply Chain | scripts/convert.js:10
   The script downloads marked@4 and juice@8 from the npm registry at runtime. While the versions are pinned and this is the intended 'zero deployment' feature, the network access is not declared.
   Evidence: cp.execSync(`npm install ${packageName} --no-save`
   → Document that network access to the npm registry is required for first-time execution.
Columns: Resource | Declared | Inferred | Status | Evidence

Filesystem | READ,WRITE | READ,WRITE | ✓ Aligned | SKILL.md declares reading markdown/css and writing output HTML; scripts/convert.…
Shell | NONE | WRITE | ✓ Aligned | scripts/convert.js line 12 uses child_process.execSync for npm install
Network | NONE | READ | ✓ Aligned | npm install implicitly accesses the npm registry, documented as the '零部署' ("zero deployment") feature

File Tree

10 files · 41.7 KB · 2084 lines
CSS: 7 files, 1956 lines · Markdown: 2 files, 73 lines · JavaScript: 1 file, 55 lines
├─ 📁 resources
│  └─ 📁 themes
│     ├─ 📄 apple.css      CSS 212L · 4.4 KB
│     ├─ 📄 blue.css       CSS 330L · 5.9 KB
│     ├─ 📄 dark.css       CSS 333L · 5.7 KB
│     ├─ 📄 default.css    CSS 336L · 6.0 KB
│     ├─ 📄 green.css      CSS 330L · 5.9 KB
│     ├─ 📄 notion.css     CSS 195L · 3.8 KB
│     └─ 📄 vibrant.css    CSS 220L · 4.7 KB
├─ 📁 scripts
│  └─ 📜 convert.js        JavaScript 55L · 1.8 KB
├─ 📝 README.md            Markdown 35L · 972 B
└─ 📝 SKILL.md             Markdown 38L · 2.5 KB

Dependencies 2 items

Columns: Package | Version | Source | Known Vulns | Notes

marked | 4 | npm (runtime install) | No | Version pinned, installed to temp directory
juice | 8 | npm (runtime install) | No | Version pinned, installed to temp directory

Security Positives

✓ Dependencies are version-pinned (marked@4, juice@8), limiting supply chain exposure (note that '@4' pins only the major version; npm still resolves it to the latest 4.x release at install time)
✓ Temporary directory is cleaned up after execution (finally block)
✓ No credential theft or sensitive file access
✓ No obfuscation or base64-encoded content
✓ No network exfiltration or C2 communication
✓ CSS files are static resources with no dynamic code
✓ Input paths are validated (checks for mdPath and cssPath)
✓ Temp directory created with predictable name in cwd (low impact)