Chrome Markdown to PDF
Advisory
Audited by VirusTotal on Apr 16, 2026.
Overview
Type: OpenClaw Skill
Name: chrome-markdown2pdf
Version: 1.0.0

The script `scripts/md2pdf.py` is vulnerable to HTML injection because it does not sanitize Markdown input before rendering it with headless Chrome. Specifically, the `md_to_html` and `inline_format` functions do not escape HTML entities, so raw HTML tags or scripts in a Markdown file are rendered and executed by Chrome. If the agent processes untrusted Markdown, this can be exploited for local file disclosure or SSRF. The behavior is consistent with the skill's stated purpose and shows no evidence of intentional malice, but the missing input sanitization is a significant security flaw.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A Markdown file from an untrusted source could make Chrome load remote resources or run JavaScript while the PDF is being produced.
Markdown line content is inserted into generated HTML without HTML-escaping outside fenced code blocks, then rendered by Chrome. Raw HTML or script in a Markdown file can become active browser content during PDF generation.
```python
parts.append(f"<p>{inline_format(line)}</p>")
...
cmd = ["google-chrome", "--headless", ..., f"file://{html_path}"]
```

Escape or sanitize Markdown-derived HTML, disable script execution during rendering, isolate Chrome, and convert only trusted Markdown until this is addressed.
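As an added illustration, not code from the skill or from this advisory, the following shows the vulnerable and hardened shapes of `inline_format` side by side, a minimal `md_to_html` in the line-oriented form the finding describes, and a pre-render check over the generated HTML. The advisory quotes only the `parts.append(...)` line, so the function bodies, the constructed Markdown input and the list of "active" tags are assumptions.

```python
import html
import re
from html.parser import HTMLParser

# Constructed untrusted Markdown (not taken from the advisory): one line carrying
# raw HTML, and a fenced block showing that code is escaped on both paths.
UNTRUSTED_MD = (
    'Hello <script>alert(1)</script> '
    '<img src="http://attacker.example/beacon.png"> **world**\n'
    "```\n"
    "<b>literal in code</b>\n"
    "```"
)

_BOLD = re.compile(r"\*\*(.+?)\*\*")
_CODE = re.compile(r"`(.+?)`")


def inline_format_unsafe(text: str) -> str:
    """Hypothetical stand-in for the skill's inline_format: Markdown inline
    rules applied to the raw line with no HTML escaping (the reported bug)."""
    text = _BOLD.sub(r"<b>\1</b>", text)
    return _CODE.sub(r"<code>\1</code>", text)


def inline_format_safe(text: str) -> str:
    """Hardened form: escape first, then apply the same inline rules. The
    Markdown markers (*, `) survive html.escape, so formatting still works;
    < > & " ' become entities, so author-supplied tags render as literal text."""
    text = html.escape(text, quote=True)
    text = _BOLD.sub(r"<b>\1</b>", text)
    return _CODE.sub(r"<code>\1</code>", text)


def md_to_html(md: str, inline=inline_format_safe) -> str:
    """Minimal line-oriented converter in the shape the finding describes:
    paragraphs outside fences, escaped <pre><code> inside them."""
    parts, code_lines, in_code = [], [], False
    for line in md.splitlines():
        if line.startswith("```"):
            if in_code:
                body = html.escape("\n".join(code_lines), quote=True)
                parts.append(f"<pre><code>{body}</code></pre>")
                code_lines = []
            in_code = not in_code
        elif in_code:
            code_lines.append(line)
        elif line.strip():
            parts.append(f"<p>{inline(line)}</p>")
    return "\n".join(parts)


class _ActiveTagFinder(HTMLParser):
    """Collects tags that can fetch, execute or navigate during rendering
    (assumed list; extend to taste), plus any tag carrying an on* handler."""
    ACTIVE = {"script", "iframe", "img", "object", "embed", "link", "style",
              "meta", "svg", "form", "base", "video", "audio"}

    def __init__(self) -> None:
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag in self.ACTIVE or any(n.lower().startswith("on") for n, _ in attrs):
            self.hits.append(tag)


def find_active_content(doc: str) -> list:
    """Pre-render check: tags in the generated HTML that Chrome would act on.
    After escaping, only tags the converter itself emits should remain."""
    finder = _ActiveTagFinder()
    finder.feed(doc)
    finder.close()
    return finder.hits


if __name__ == "__main__":
    vulnerable = md_to_html(UNTRUSTED_MD, inline_format_unsafe)
    hardened = md_to_html(UNTRUSTED_MD)
    print("vulnerable active tags:", find_active_content(vulnerable))
    print("hardened active tags:  ", find_active_content(hardened))
    print(hardened)
```

The order matters: escaping after the inline rules would also escape the `<b>` and `<code>` tags the converter emits, so escape the raw line first and only then substitute. `find_active_content` is a cheap gate to run on the final HTML before handing it to Chrome; with the hardened path it returns an empty list for this input.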
Depending on Chrome's runtime behavior, conversion may not be fully separated from the user's normal browser environment.
Chrome is launched without an explicit temporary user-data-dir or incognito-style isolation. The artifacts do not show credential theft, but browser session/profile boundaries are not clearly bounded.
```python
cmd = ["google-chrome", "--headless", "--disable-gpu", "--no-margins", "--no-pdf-header-footer", f"--print-to-pdf={pdf_path}", f"file://{html_path}"]
```

Run Chrome with a temporary isolated profile and disabled extensions, and document that no browser credentials are needed.
The skill will fail or behave differently depending on the locally installed Chrome binary.
The skill relies on an external google-chrome executable, while the registry requirements list no required binaries. This is an under-declared dependency rather than hidden install code.
- **Google Chrome** (renders the PDF in headless mode)
Declare google-chrome as a required binary in metadata and tell users which Chrome/Chromium versions are supported.
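The following is an added example, not the skill's own code, covering the second and third findings together: it resolves the browser binary explicitly and fails with a clear message when none is installed, builds a launch line with a throwaway profile and extensions disabled, and lints a launch line for the isolation gaps described above. The candidate binary names and the `/tmp` paths are assumptions. `--host-resolver-rules` is a standard Chromium switch added here as defense in depth so that injected remote URLs cannot resolve; it does not cover IP-literal or `file://` references, so it complements escaping rather than replacing it.

```python
import shutil
import subprocess
import tempfile
from typing import Optional

# Binaries to try, in order (assumed names). The advisory notes the skill
# hard-codes "google-chrome" while declaring no required binary.
CHROME_CANDIDATES = ("google-chrome", "google-chrome-stable", "chromium", "chromium-browser")

# The skill's launch line as quoted in the advisory, with constructed paths.
ORIGINAL_CMD = ["google-chrome", "--headless", "--disable-gpu", "--no-margins",
                "--no-pdf-header-footer", "--print-to-pdf=/tmp/out.pdf", "file:///tmp/out.html"]


def find_chrome(candidates=CHROME_CANDIDATES, which=shutil.which) -> str:
    """Return the first Chrome/Chromium binary on PATH, or raise with a message
    naming what was expected instead of a bare 'command not found'."""
    for name in candidates:
        path = which(name)
        if path:
            return path
    raise FileNotFoundError(
        "no Chrome/Chromium binary found on PATH; expected one of: " + ", ".join(candidates))


def chrome_pdf_command(chrome: str, html_path: str, pdf_path: str, profile_dir: str) -> list:
    """Hardened launch line: a throwaway profile so the user's cookies, sessions
    and extensions never enter the render, and name resolution disabled so
    injected <img>/<script> URLs cannot reach remote hosts by hostname."""
    return [
        chrome,
        "--headless",
        f"--user-data-dir={profile_dir}",          # isolated profile, removed after the run
        "--disable-extensions",
        "--no-first-run",
        "--no-default-browser-check",
        "--host-resolver-rules=MAP * ~NOTFOUND",   # every hostname fails to resolve
        "--disable-gpu",
        "--no-pdf-header-footer",
        f"--print-to-pdf={pdf_path}",
        f"file://{html_path}",
    ]


def isolation_problems(cmd: list) -> list:
    """Lint a launch line for the gaps the second finding describes."""
    problems = []
    if not any(arg.startswith("--user-data-dir=") for arg in cmd):
        problems.append("no --user-data-dir: Chrome may open the default user profile")
    if "--disable-extensions" not in cmd:
        problems.append("extensions not disabled: installed extensions run in the render")
    if "--no-sandbox" in cmd:
        problems.append("--no-sandbox present: renderer sandbox disabled")
    return problems


def render_pdf(html_path: str, pdf_path: str, chrome: Optional[str] = None,
               run=subprocess.run) -> str:
    """Convert one HTML file to PDF inside a temporary profile that is deleted
    afterwards. `run` is injectable so the launch can be tested without Chrome."""
    chrome = chrome or find_chrome()
    with tempfile.TemporaryDirectory(prefix="md2pdf-profile-") as profile_dir:
        cmd = chrome_pdf_command(chrome, html_path, pdf_path, profile_dir)
        assert not isolation_problems(cmd), isolation_problems(cmd)
        run(cmd, check=True, timeout=120)
    return pdf_path


if __name__ == "__main__":
    print("problems in the skill's launch line:", isolation_problems(ORIGINAL_CMD))
    print(render_pdf("/tmp/out.html", "/tmp/out.pdf"))
```

Running the linter over the quoted launch line reports two gaps (no isolated profile, extensions enabled); the hardened line reports none. Keep the renderer sandbox on: never add `--no-sandbox` to make a container run work, since the sandbox is what stands between injected content and the host when escaping is missed.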
