zenTable

Pass. Audited by ClawScan on May 1, 2026.

Overview

ZenTable is a coherent table-to-image helper, but users should note that it relies on local execution and on external runnable code from a pinned GitHub release.

This looks purpose-aligned for rendering tables to images. Before installing, review the pinned GitHub release code, confirm first-time execution, and run it in a controlled environment if the tables or screenshots contain sensitive data.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing and running the skill requires trusting code that is outside the provided artifact bundle.

Why it was flagged

The actual runnable scripts are expected to be downloaded separately from GitHub rather than being included in the reviewed package.

Skill content

This ClawHub package is text-only. Use the pinned GitHub release for runnable code.

Recommendation

Download only the pinned release, review the referenced scripts before running, and use a controlled environment for first-time execution.

What this means

When invoked, the agent may run local renderer commands and create output files on the machine.

Why it was flagged

The skill asks for local command execution and file read/write access, which is expected for rendering PNG files but still grants meaningful local authority.

Skill content

allowed-tools: ["exec", "read", "write"]

Recommendation

Use the skill only for intended table-rendering tasks, review any first-time commands, and avoid pointing it at sensitive files unless needed.

Note (High Confidence)

ASI01: Agent Goal Hijack

What this means

Typing the shortcut may cause the agent to process recent text or images as table input without asking additional questions.

Why it was flagged

The skill defines a shorthand that changes the agent's normal clarification behavior and can cause immediate rendering from current or previous context.

Skill content

When user input is `Zx`, treat it as a strong render intent: Execute rendering directly by default (no preliminary Q&A).

Recommendation

Use `Zx` only when you intentionally want immediate rendering; otherwise give explicit instructions or ask the agent to confirm first.

What this means

If you use the OCR deployment, image contents may be sent to a local OCR API container for processing.

Why it was flagged

Optional deployment uses local FastAPI services for OCR, meaning screenshots or photos may be passed to a separate local service.

Skill content

Connect them via internal Docker network. Expose only required ports. ... POST /ocr ... POST /ocr/base64

Recommendation

Keep OCR services bound to localhost or an internal Docker network, avoid exposing them publicly, and do not submit sensitive screenshots unless appropriate.