Markdown to HTML
Author: claudiodrusus · GitHub · v1.1.0
Total downloads: 1298
Favorites: 1
Current installs: 5
Versions: 3
Install in OpenClaw
/install markdown-to-html
Description
Convert Markdown text to beautifully styled, self-contained HTML with embedded CSS. Perfect for newsletters, documentation, reports, and email templates.
Security usage advice
This skill appears to be what it says: a small, local Python script that converts Markdown to styled HTML and writes an output file. Before using it in production or serving generated HTML to users, consider that the converter does not sanitize input: raw HTML present in Markdown, or crafted link/image URLs and alt text, will be included verbatim in output (the code escapes code-block contents but does not escape inline text/URLs). That can create XSS or unsafe email content if the Markdown is untrusted. If you plan to process untrusted Markdown, either sanitize the result (e.g., use an HTML sanitizer like bleach) or extend the tool to escape/validate URLs and inline text. Otherwise this skill is coherent and low-risk in terms of hidden network/credential behavior.
Functional analysis
Type: OpenClaw Skill
Name: markdown-to-html
Version: 1.1.0
The skill is classified as suspicious due to a significant Cross-Site Scripting (XSS) vulnerability in the `main.py` script. The `md_to_html` function, specifically within the `inline` helper, fails to properly escape user-provided markdown content for link text and image alt text before embedding it into the generated HTML. This allows an attacker to inject arbitrary HTML/JavaScript into the output, which could lead to client-side attacks when the generated HTML is viewed. There are no other indicators of malicious intent such as data exfiltration, persistence, or direct prompt injection attempts against the OpenClaw agent in `SKILL.md`.
Capability assessment
Purpose & Capability
Name/description (convert Markdown to self-contained HTML) matches the provided runtime instructions and the included main.py implementation. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
SKILL.md usage examples and CLI options match main.py. However, neither the docs nor the tool warn that the converter preserves or emits raw HTML from input (the code does not sanitize or strip HTML), so using this on untrusted markdown may produce unsafe output (XSS) — this is a functional/security caveat rather than an incoherence.
Install Mechanism
No install spec (instruction-only skill) and the code is provided inline. Nothing is downloaded or executed from external URLs; no install-related risks detected.
Credentials
No environment variables, credentials, or config paths are requested. The skill does not access secrets or unrelated system configuration.
Persistence & Privilege
always is false and the skill does not request persistent/system-level privileges or modify other skills/config. Autonomous invocation is allowed (platform default) and is appropriate here.
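How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install markdown-to-html
- Once installation completes, invoke the Skill by name or trigger it with /markdown-to-html
- Provide the required inputs according to the Skill's parameter description to get structured output
Version history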
v1.1.0
No visible changes in this release.
- Version bumped to 1.1.0.
- No updates detected in documentation or files.
v1.0.1
v1.0.1: docs update
v1.0.0
Initial release
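FAQ
What is Markdown to HTML?
Convert Markdown text to beautifully styled, self-contained HTML with embedded CSS. Perfect for newsletters, documentation, reports, and email templates. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1298 cumulative downloads to date.
How do I install Markdown to HTML?
Run the command "/install markdown-to-html" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is needed.
Is Markdown to HTML free?
Yes, Markdown to HTML is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does Markdown to HTML support?
Markdown to HTML is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Markdown to HTML?
It is developed and maintained by claudiodrusus (@claudiodrusus); the current version is v1.1.0.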