Newspaper Brief
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears to be a purpose-aligned local formatter for turning user-provided text into newspaper-style HTML or PNG images, with minor notice that it runs a bundled Python renderer and may use a local browser for screenshots.
This looks safe for its stated purpose, but it does run a local Python renderer and may use a browser to screenshot generated HTML. Install it only if you are comfortable with that local file-generation workflow, and avoid feeding sensitive chats or documents unless you are also comfortable with them being written into local HTML/PNG output files.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may run local Python code and create files in the workspace.
The skill instructs use of a bundled Python renderer to create local HTML and optionally PNG files. This is local code execution, but it is clearly disclosed and central to the stated rendering purpose.
python skills/newspaper-brief/scripts/render_newspaper.py ... --html output/newspaper-brief/demo.html ... --png output/newspaper-brief/demo.png
Use intended input and output paths, keep generated files in a project/output directory, and review outputs before sharing them.
The agent may open locally generated HTML in a browser to capture a screenshot.
The skill may use a local browser binary or the OpenClaw browser tool to render and screenshot the generated local HTML. This is expected for PNG creation and is disclosed.
脚本会尝试寻找本机 Edge/Chrome 进行 headless screenshot ... 首选:OpenClaw browser 工具 ... 打开生成后的本地 HTML ... 使用全页截图
Confirm the HTML being opened is the file generated for this task, especially if the source text contains sensitive information.
You are relying on packaged helper code without an external project source to compare against.
The package includes runnable helper code but has no declared source homepage or install specification. This is a provenance and metadata gap, not a concrete malicious behavior in the provided artifacts.
Source: unknown; Homepage: none ... No install spec — this is an instruction-only skill ... 1 code file(s): scripts/render_newspaper.py
Review the bundled script before use if provenance matters, and run it only in a normal project workspace.