← Back to Skills Marketplace
586
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install markdown-browser
Description
Wrapper skill for OpenClaw web_fetch results. Use when you need MECE post-processing on fetched pages: policy decision from Content-Signal, privacy redaction...
Usage Guidance
This skill appears to do what it says: normalize web_fetch output, redact obvious query param secrets, parse Content-Signal, and convert HTML to Markdown using the 'turndown' library. The main risk is the install step: package-lock.json resolves dependency tarballs to a third‑party mirror (mirrors.tencentyun.com). Before running npm install from this repo, either (1) inspect package-lock.json and the dependency source(s), (2) prefer installing dependencies from the official npm registry, or (3) vendor the minimal dependency (turndown) into a vetted location. If you only need the logic and don't want to run npm install, you can review browser.js and re-implement or run it in a sandbox where installing from external registries is acceptable. If you plan to run the provided npm install in production or on a host with sensitive credentials, audit the lockfile and downloaded tarballs first.
Capability Analysis
Type: OpenClaw Skill
Name: markdown-browser
Version: 1.0.0
The skill bundle is classified as suspicious due to a supply chain vulnerability identified in `package-lock.json`. Dependencies `turndown` and `@mixmark-io/domino` are resolved from `http://mirrors.tencentyun.com/npm/` instead of the official npm registry. While the provided code in `browser.js` appears benign and implements stated privacy and content normalization features (e.g., URL redaction), relying on a non-standard, potentially untrusted mirror introduces a significant risk of malicious package injection if the mirror is compromised or controlled by an attacker. There is no evidence of direct malicious intent in the skill's own code or prompt injection attempts in `SKILL.md` or `README.md`.
Capability Assessment
Purpose & Capability
Name/description describe a wrapper for OpenClaw web_fetch; the included browser.js implements exactly that: parsing Content-Signal, redacting URL parts, converting HTML→Markdown, and producing a stable JSON schema. It does not request unrelated credentials or access.
Instruction Scope
SKILL.md confines runtime behavior to: accept a web_fetch payload, optional header values, and run local normalization/redaction. The instructions explicitly forbid making direct HTTP fetches and the code follows that. It reads only the provided web_fetch JSON (stdin or file) and prints normalized JSON.
Install Mechanism
The package is instruction-only in the registry, but runtime/README recommend running 'npm install' to obtain 'turndown'. The shipped package-lock.json contains resolved tarball URLs pointing at mirrors.tencentyun.com (a third-party mirror) rather than the default npm registry or a well-known release host. That makes the install step higher risk because it could cause code to be fetched from an unexpected host. There is no explicit install spec in the registry metadata, so installation is up to the user/agent — inspect before running.
Credentials
The skill declares no required environment variables or credentials and the code does not access environment secrets or external configs. It only reads a provided web_fetch JSON and optional header strings.
Persistence & Privilege
The skill is not always-enabled and does not request system-level persistence or modify other skills/config. It only runs as a wrapper when invoked; nothing in the package attempts to alter agent configuration.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install markdown-browser - After installation, invoke the skill by name or use
/markdown-browser - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of markdown-browser as an orchestration wrapper for OpenClaw web_fetch results.
- Provides MECE post-processing: policy decisions, privacy-preserving URL redaction, and optional markdown normalization.
- Ensures official web_fetch is always the fetch source; does not perform direct HTTP fetches.
- Returns a stable output schema including normalized content, policy action, signal headers, redacted source URL, and status code.
- Includes CLI instructions for running post-processing on existing web_fetch payloads.
Metadata
Frequently Asked Questions
What is Markdown Browser?
Wrapper skill for OpenClaw web_fetch results. Use when you need MECE post-processing on fetched pages: policy decision from Content-Signal, privacy redaction... It is an AI Agent Skill for Claude Code / OpenClaw, with 586 downloads so far.
How do I install Markdown Browser?
Run "/install markdown-browser" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Markdown Browser free?
Yes, Markdown Browser is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Markdown Browser support?
Markdown Browser is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Markdown Browser?
It is built and maintained by 2233admin (@2233admin); the current version is v1.0.0.
More Skills