Super Cool Peep Generator
ReviewAudited by ClawScan on May 1, 2026.
Overview
The skill does what it says—generates an avatar through supercoolpeeps.com—but users should notice it relies on Puppeteer and launches a headless browser with sandboxing disabled.
This looks safe for its stated purpose if you are comfortable running a local Puppeteer script that visits supercoolpeeps.com and writes a PNG in the current directory. Use a trusted dependency installation path and avoid running it with elevated privileges.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You may need to install Puppeteer yourself, and the reviewed artifacts do not pin or document the dependency version.
The included script depends on Puppeteer, while the provided install information declares no install spec or dependency package. This is likely an under-declared setup requirement rather than hidden behavior.
const puppeteer = require('puppeteer');Install dependencies only from trusted sources and prefer a pinned package/lockfile or clear setup instructions from the skill author.
If the external website or browser runtime were compromised, the reduced sandboxing could increase local environment risk.
The script launches Chromium through Puppeteer with sandboxing disabled. This is a common browser-automation setting but reduces isolation while rendering an external site.
await puppeteer.launch({
headless: "new",
args: ['--no-sandbox', '--disable-setuid-sandbox']
});Run the skill in a low-privilege working directory or container, and consider removing the no-sandbox flags if your environment supports normal Chromium sandboxing.