Total downloads: 76
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw
/install md-2-html
Description
Convert Markdown files to formatted HTML. Use when the user asks to convert, export, or save a Markdown file as HTML format. Triggers on phrases like "conver...
Security usage recommendations
This skill appears to do what it says and does not request credentials or external installs, but its HTML escaping is incomplete. If you will convert untrusted Markdown (e.g., user-submitted content) and publish HTML to a website or CMS, you should: (1) review and fix/augment the converter to properly escape or sanitize inline code, link text, image alt text and other content; (2) or run the produced HTML through a well-maintained HTML sanitizer (e.g., DOMPurify or your CMS's sanitizer) before publishing; (3) consider using a battle-tested Markdown library (marked, markdown-it) if you need robust parsing/security; and (4) test with malicious examples (e.g., <script> tags in inline code or malformed link/image syntax) to verify sanitization. The SKILL.md claim about "safe escaping" is incomplete—treat output as potentially unsafe until sanitized.
Functional analysis
Type: OpenClaw Skill
Name: md-2-html
Version: 1.0.1
The skill provides a Markdown-to-HTML conversion utility via `scripts/md2html.js`. While the code is functional and lacks evidence of intentional malice, it contains a security vulnerability: the regex-based parser does not sanitize URLs in links or images, which could allow Cross-Site Scripting (XSS) if the output is rendered in a browser. Per the provided instructions, unintentional vulnerabilities are classified as suspicious.
Capability assessment
Purpose & Capability
Name, description, SKILL.md, and included script all align: a zero-dependency Node.js converter for Markdown to HTML. There are no unrelated binaries, environment variables, or config paths requested.
Instruction Scope
Runtime instructions are limited to running the bundled Node script or requiring it as a module (expected). However, SKILL.md asserts "Safe escaping — Code blocks escape '<' and '>' to prevent XSS"; the implementation does escape content inside fenced code blocks via escapeHtml(), but several inline transformations are not escaped (inline code, image alt/text, link text/URLs and general paragraph text). That mismatch means converted output can contain raw HTML or characters that lead to XSS if the input is untrusted. SKILL.md also shows a CMS publish example but does not warn that the output may need sanitization before publishing.
Install Mechanism
No install spec and the skill is instruction-only with a bundled JS file. No network downloads, package installs, or extraction steps are present. The zero-dependency claim matches the code.
Credentials
No environment variables, credentials, or config paths are required or accessed; the code only reads from stdin or files provided as arguments.
Persistence & Privilege
The skill is not always-included (always:false) and does not request elevated persistence or modify other skills/system settings. Autonomous invocation is enabled (default) which is normal and expected.
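How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install md-2-html
- After installation, call the Skill by name or use /md-2-html to trigger it
- Provide the required input according to the Skill's parameter description to get structured output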
Version history
v1.0.1
Fix: removed lookbehind regex for Node.js v12 compatibility
v1.0.0
Initial release: Zero-dependency Markdown to HTML converter for AI agents. Supports headings, bold, italic, code blocks, lists, links, images, blockquotes. Node.js v0.12+ compatible.
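Frequently asked questions
What is Markdown to HTML Converter?
Convert Markdown files to formatted HTML. Use when the user asks to convert, export, or save a Markdown file as HTML format. Triggers on phrases like "conver... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 76 cumulative downloads so far.
How do I install Markdown to HTML Converter?
Run the command "/install md-2-html" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.
Is Markdown to HTML Converter free?
Yes. Markdown to HTML Converter is completely free, is released under the MIT-0 license, and can be freely downloaded, installed and used.
Which platforms does Markdown to HTML Converter support?
Markdown to HTML Converter is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Markdown to HTML Converter?
It is developed and maintained by frankxpj (@frankxpj); the current version is v1.0.1.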