Math Viz

Pass
Audited by VirusTotal on May 3, 2026.

Overview

Type: OpenClaw Skill
Name: math-viz
Version: 1.1.0

The math-viz skill is designed to generate interactive math visualizations using JSXGraph and Three.js. It includes a comprehensive verification workflow where the agent is instructed to run a local bash script (scripts/verify_output.sh) to validate the syntax and integrity of the generated HTML/JavaScript. The script uses standard tools (Node.js, Python) for static analysis and does not exhibit signs of data exfiltration, persistence, or malicious prompt injection. The instructions in SKILL.md are strictly focused on ensuring high-quality output and reliability.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may run a local script that reads the generated HTML and uses local tools such as Python or Node for checks.

Why it was flagged

The skill explicitly tells the agent to run a bundled local shell verifier after generating HTML. This is disclosed and aligned with validating the generated page, but it is still local command execution.

Skill content

bash ~/.workbuddy/skills/math-viz/scripts/verify_output.sh <generated HTML file>

Recommendation

Run the verifier only on generated workspace HTML files, keep output filenames simple, and review the helper script if you require strict local-execution controls.

What this means

Opening the generated page may contact public CDNs and execute their hosted visualization libraries in the browser.

Why it was flagged

The generated HTML is expected to load third-party JavaScript libraries from public CDNs, which is normal for this visualization purpose but depends on external providers.

Skill content

Load libraries from CDNs: JSXGraph uses `cdnjs.cloudflare.com`, Three.js uses `cdn.jsdelivr.net`

Recommendation

Use this on networks where CDN access is acceptable; for distribution or sensitive environments, consider pinning with integrity checks or using locally hosted library copies.