← 返回 Skills 市场
684
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install mdnew
功能描述
Fetch clean, token-efficient Markdown from any URL using markdown.new, optimized for deep analysis with JS support and stripped of boilerplate content.
安全使用建议
This skill will instruct an external service (markdown.new) to fetch whatever URL you pass it. That can leak sensitive data in two ways: (1) URLs often contain tokens or query parameters that reveal secrets, and (2) you may unintentionally ask the external service to fetch internal-only endpoints. Before installing or using: (a) verify who runs markdown.new and whether you trust that operator, (b) never pass URLs containing secrets or authentication tokens, (c) avoid pointing the tool at internal/private network addresses, (d) consider adding URL validation/whitelisting or percent-encoding before sending, and (e) if you need to process sensitive pages, run a local/managed converter instead of an unknown third-party. If you want me to, I can suggest safer local alternatives or propose a small patched script that validates/encodes URLs and warns about internal addresses.
功能分析
Type: OpenClaw Skill
Name: mdnew
Version: 1.0.0
The skill is designed to fetch markdown content from a user-provided URL via the `markdown.new` service. The `SKILL.md` instructions are clear and do not contain any prompt injection attempts. The `scripts/mdnew.py` code makes a straightforward HTTP request to `https://markdown.new/` with the target URL embedded in the path. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or obfuscation. While the skill makes an outbound network request to an external service with a user-controlled URL, this is its stated purpose and does not indicate malicious intent or introduce high-risk vulnerabilities within the skill's own code.
能力评估
Purpose & Capability
Name/description match the actual behavior: the script queries markdown.new for a converted Markdown version of a provided URL. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
The runtime instructions and script instruct the agent to send arbitrary target URLs to an external service (https://markdown.new/<url>) and then print the response. There is no input validation, no URL encoding, and no warning about sending internal or sensitive URLs or query strings to a third party. That means URL contents or secrets embedded in URLs could be exposed to an external operator.
Install Mechanism
Instruction-only skill with an included small Python script and no install steps—no code is downloaded at install time. This is lower risk from an installation perspective.
Credentials
The skill requests no environment variables or credentials, which is consistent with its stated purpose. However, the code nonetheless causes data about arbitrary targets to be transmitted to a third party, which is not controlled by environment settings.
Persistence & Privilege
always:false (no forced inclusion). The skill can be invoked autonomously by default (platform normal), but it does not request persistent privileges or modify other skills.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install mdnew - 安装完成后,直接呼叫该 Skill 的名称或使用
/mdnew触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
initial release
元数据
常见问题
Mdnew 是什么?
Fetch clean, token-efficient Markdown from any URL using markdown.new, optimized for deep analysis with JS support and stripped of boilerplate content. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 684 次。
如何安装 Mdnew?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install mdnew」即可一键安装,无需额外配置。
Mdnew 是免费的吗?
是的,Mdnew 完全免费(开源免费),可自由下载、安装和使用。
Mdnew 支持哪些平台?
Mdnew 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Mdnew?
由 ThendCN(@thendcn)开发并维护,当前版本 v1.0.0。
推荐 Skills