Chrome Markdown to PDF

Advisory. Audited by static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern: High Confidence
ASI05: Unexpected Code Execution
What this means

A Markdown file from an untrusted source could make Chrome load remote resources or run JavaScript while the PDF is being produced.

Why it was flagged

Markdown line content is inserted into generated HTML without HTML-escaping outside fenced code blocks, then rendered by Chrome. Raw HTML or script in a Markdown file can become active browser content during PDF generation.

Skill content
parts.append(f"<p>{inline_format(line)}</p>") ... cmd = ["google-chrome", "--headless", ... f"file://{html_path}"]
Recommendation

Escape or sanitize Markdown-derived HTML, disable script execution during rendering, isolate Chrome, and convert only trusted Markdown until this is addressed.

What this means

Depending on Chrome's runtime behavior, conversion may not be fully separated from the user's normal browser environment.

Why it was flagged

Chrome is launched without an explicit temporary user-data-dir or incognito-style isolation. The artifacts do not show credential theft, but browser session/profile boundaries are not clearly bounded.

Skill content
cmd = ["google-chrome", "--headless", "--disable-gpu", "--no-margins", "--no-pdf-header-footer", f"--print-to-pdf={pdf_path}", f"file://{html_path}"]
Recommendation

Run Chrome with a temporary isolated profile and disabled extensions, and document that no browser credentials are needed.

What this means

The skill will fail or behave differently depending on the locally installed Chrome binary.

Why it was flagged

The skill relies on an external google-chrome executable, while the registry requirements list no required binaries. This is an under-declared dependency rather than hidden install code.

Skill content
- **Google Chrome** (renders the PDF in headless mode)
Recommendation

Declare google-chrome as a required binary in metadata and tell users which Chrome/Chromium versions are supported.