← Back to Skills Marketplace

Markdown Viewer

Name: Markdown Viewer
Author: parkertoddbrooks

by Parker Todd Brooks · GitHub ↗ · v1.2.0

cross-platform ⚠ suspicious

1026

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install markdown-viewer

Description

Live markdown viewer for AI pair-editing. When you collaborate, the updates render instantly. Works with any AI agent and web browser.

Usage Guidance

This appears to be what it says: a local markdown viewer implemented as an npm package. Before installing: (1) review the npm package/source (GitHub link in SKILL.md) to verify there are no unexpected behaviors or dependencies; (2) run it without elevated privileges and consider using --root to restrict filesystem access in shared environments; (3) avoid using it to open arbitrary system-sensitive paths (secrets, config files); and (4) remember installing from npm fetches code from the network — if you need stronger assurance, audit the package code or run it in a sandboxed environment.

Capability Analysis

Type: OpenClaw Skill Name: markdown-viewer Version: 1.2.0 The skill bundle is classified as suspicious due to a Local File Inclusion (LFI) vulnerability in the `mdview` tool, explicitly acknowledged in the `SKILL.md` file. The `/view?path=` parameter allows reading arbitrary files from the local filesystem, which could be exploited by an AI agent or user to disclose sensitive data. While the skill author transparently discloses this vulnerability and suggests a mitigation (`--root`), the presence of such a high-risk capability without clear instructions to prevent its misuse by the agent makes it suspicious. There is no evidence of intentional malicious behavior like data exfiltration or persistence.

Capability Assessment

✓ Purpose & Capability

Name/description (live markdown viewer) match the declared needs: Node (to run mdview) and curl (used in the quick-start check). The SKILL.md includes an npm install target and a mdview binary, which is coherent with the stated purpose.

ℹ Instruction Scope

Instructions stay within the viewer's purpose (install npm package, run local server, open /view?path=/absolute/path/to/file.md). Be aware the server reads arbitrary filesystem paths via the path query parameter — that's expected for a viewer but also means the agent or user could open sensitive files. The SKILL.md notes --root to limit access; it doesn't enforce it automatically.

ℹ Install Mechanism

Although this is an instruction-only skill with no shipped code, it tells the user to install @wipcomputer/markdown-viewer from the public npm registry. Installing a global npm package downloads and places code on disk (supply-chain risk). The SKILL.md's claim of "Zero npm dependencies" and "Zero external requests" is slightly misleading because installing the package requires fetching it from npm.

✓ Credentials

The skill requests no environment variables or credentials. The only privilege it needs is filesystem read access to the markdown files whose paths the user supplies; that is proportionate to a viewer but worth noting because absolute paths can point to sensitive files.

✓ Persistence & Privilege

The skill is not always-enabled, does not request elevated persistence, and the server runs only while the user starts it (SKILL.md says it does not survive reboots). Default autonomous invocation is allowed by platform policy but is not in itself a red flag here.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install markdown-viewer
After installation, invoke the skill by name or use /markdown-viewer
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.2.0

- Added a new Troubleshooting section covering access restrictions, Safari caching issues, and macOS open quirks. - Clarified Notes with guidance on not starting the server with a file path, drag-and-drop support, and that all dependencies are bundled locally.

v1.0.9

Security: add --root flag to restrict file access

v1.0.8

Add GitHub and npm links to skill header.

v1.0.7

Remove screenshots from repo.

v1.0.6

Fix audit findings: declare curl dependency, add security section, explicit localhost binding.

v1.0.5

Updated description: AI pair-editing, browser agnostic, no brand names.

v1.0.4

Update description.

v1.0.3

Unify description across all platforms.

v1.0.1

Initial release. SSE live reload, zero dependencies, works with any AI coding tool.

Metadata

Slug markdown-viewer

Version 1.2.0

License —

All-time Installs 3

Active Installs 2

Total Versions 9

Frequently Asked Questions

What is Markdown Viewer?

Live markdown viewer for AI pair-editing. When you collaborate, the updates render instantly. Works with any AI agent and web browser. It is an AI Agent Skill for Claude Code / OpenClaw, with 1026 downloads so far.

How do I install Markdown Viewer?

Run "/install markdown-viewer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Markdown Viewer free?

Yes, Markdown Viewer is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Markdown Viewer support?

Markdown Viewer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Markdown Viewer?

It is built and maintained by Parker Todd Brooks (@parkertoddbrooks); the current version is v1.2.0.

More Skills