← Back to Skills Marketplace
frankxpj

Markdown to HTML Converter

by frankxpj · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
76
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install md-2-html
Description
Convert Markdown files to formatted HTML. Use when the user asks to convert, export, or save a Markdown file as HTML format. Triggers on phrases like "conver...
Usage Guidance
This skill appears to do what it says and does not request credentials or external installs, but its HTML escaping is incomplete. If you will convert untrusted Markdown (e.g., user-submitted content) and publish HTML to a website or CMS, you should: (1) review and fix/augment the converter to properly escape or sanitize inline code, link text, image alt text and other content; (2) or run the produced HTML through a well-maintained HTML sanitizer (e.g., DOMPurify or your CMS's sanitizer) before publishing; (3) consider using a battle-tested Markdown library (marked, markdown-it) if you need robust parsing/security; and (4) test with malicious examples (e.g., <script> tags in inline code or malformed link/image syntax) to verify sanitization. The SKILL.md claim about "safe escaping" is incomplete—treat output as potentially unsafe until sanitized.
Capability Analysis
Type: OpenClaw Skill Name: md-2-html Version: 1.0.1 The skill provides a Markdown-to-HTML conversion utility via `scripts/md2html.js`. While the code is functional and lacks evidence of intentional malice, it contains a security vulnerability: the regex-based parser does not sanitize URLs in links or images, which could allow Cross-Site Scripting (XSS) if the output is rendered in a browser. Per the provided instructions, unintentional vulnerabilities are classified as suspicious.
Capability Assessment
Purpose & Capability
Name, description, SKILL.md, and included script all align: a zero-dependency Node.js converter for Markdown to HTML. There are no unrelated binaries, environment variables, or config paths requested.
Instruction Scope
Runtime instructions are limited to running the bundled Node script or requiring it as a module (expected). However, SKILL.md asserts "Safe escaping — Code blocks escape '<' and '>' to prevent XSS"; the implementation does escape content inside fenced code blocks via escapeHtml(), but several inline transformations are not escaped (inline code, image alt/text, link text/URLs and general paragraph text). That mismatch means converted output can contain raw HTML or characters that lead to XSS if the input is untrusted. SKILL.md also shows a CMS publish example but does not warn that the output may need sanitization before publishing.
Install Mechanism
No install spec and the skill is instruction-only with a bundled JS file. No network downloads, package installs, or extraction steps are present. The zero-dependency claim matches the code.
Credentials
No environment variables, credentials, or config paths are required or accessed; the code only reads from stdin or files provided as arguments.
Persistence & Privilege
The skill is not always-included (always:false) and does not request elevated persistence or modify other skills/system settings. Autonomous invocation is enabled (default) which is normal and expected.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install md-2-html
  3. After installation, invoke the skill by name or use /md-2-html
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Fix: removed lookbehind regex for Node.js v12 compatibility
v1.0.0
Initial release: Zero-dependency Markdown to HTML converter for AI agents. Supports headings, bold, italic, code blocks, lists, links, images, blockquotes. Node.js v0.12+ compatible.
Metadata
Slug md-2-html
Version 1.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Markdown to HTML Converter?

Convert Markdown files to formatted HTML. Use when the user asks to convert, export, or save a Markdown file as HTML format. Triggers on phrases like "conver... It is an AI Agent Skill for Claude Code / OpenClaw, with 76 downloads so far.

How do I install Markdown to HTML Converter?

Run "/install md-2-html" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Markdown to HTML Converter free?

Yes, Markdown to HTML Converter is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Markdown to HTML Converter support?

Markdown to HTML Converter is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Markdown to HTML Converter?

It is built and maintained by frankxpj (@frankxpj); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments