Math Viz

Advisory

Audited by static analysis on May 3, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may run a local script that reads the generated HTML and uses local tools such as Python or Node for checks.

Why it was flagged

The skill explicitly tells the agent to run a bundled local shell verifier after generating HTML. This is disclosed and aligned with validating the generated page, but it is still local command execution.

Skill content

bash ~/.workbuddy/skills/math-viz/scripts/verify_output.sh <generated HTML file>

Recommendation

Run the verifier only on generated workspace HTML files, keep output filenames simple, and review the helper script if you require strict local-execution controls.

What this means

Opening the generated page may contact public CDNs and execute their hosted visualization libraries in the browser.

Why it was flagged

The generated HTML is expected to load third-party JavaScript libraries from public CDNs, which is normal for this visualization purpose but depends on external providers.

Skill content

Load libraries from CDNs: JSXGraph uses `cdnjs.cloudflare.com`, Three.js uses `cdn.jsdelivr.net`

Recommendation

Use this on networks where CDN access is acceptable; for distribution or sensitive environments, consider pinning with integrity checks or using locally hosted library copies.