交互式教学网页生成器
PassAudited by ClawScan on May 10, 2026.
Overview
This skill mostly does what it claims—turns a user-provided lesson file into an HTML page—but users should know the generated page loads third-party CDN scripts and embeds source text into HTML without sanitizing it.
This appears safe for normal use with trusted lesson files. Before installing, be aware that the generated HTML is not truly self-contained/offline because it imports CDN scripts, and avoid using untrusted source documents unless the generator is updated to sanitize embedded content.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Opening the generated HTML may contact a public CDN and run code supplied by that CDN.
The generated HTML loads JavaScript from jsdelivr CDN. This is purpose-aligned for formula rendering and animation, but it means generated pages are not fully offline/self-contained and rely on third-party scripts.
<script src="https://cdn.jsdelivr.net/npm/katex@0.16.9/dist/katex.min.js"></script> ... <script src="https://cdn.jsdelivr.net/npm/animejs@3.2.1/lib/anime.min.js"></script>
Use this skill where CDN loading is acceptable, or modify the output to bundle trusted local copies with integrity checks if offline or high-assurance use is needed.
A malicious or untrusted lesson file could cause unwanted HTML or JavaScript to run in the generated page.
Input lines are inserted directly into the generated HTML without escaping. If a source lesson contains HTML or script content, that content may become active when the generated page is opened.
html += `<p>${line}</p>`;Only generate pages from trusted teaching materials, or add HTML escaping/sanitization before publishing or opening generated files from untrusted sources.