auto-md2img
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears to be a coherent Markdown-to-image converter, but users should be aware that it runs a headless browser, installs npm dependencies, and may save debug copies of content.
This skill looks reasonable for converting Markdown to images. Before installing, be comfortable running Node/Puppeteer locally, avoid converting untrusted Markdown with raw HTML unless it is sanitized, and do not use debug mode for sensitive content unless you plan to delete the generated logs and intermediate files.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you convert Markdown from an untrusted source, embedded web content may run or trigger network requests during rendering.
The converter renders parsed Markdown/HTML inside Puppeteer and launches Chromium without the normal sandbox. This is consistent with image rendering, but untrusted Markdown containing raw HTML, scripts, or remote resources could execute or load inside the browser context.
const html = marked.parse(block); ... await page.setContent(`<div ...>${html}</div>`, { waitUntil: 'networkidle0' }); ... args: ['--no-sandbox', '--disable-setuid-sandbox']
Only convert trusted Markdown, or have the publisher disable JavaScript, sanitize raw HTML, block unexpected network loads, and avoid no-sandbox mode where possible.
Private Markdown content may remain in output or debug files if debug mode is used.
Debug mode intentionally writes intermediate render artifacts and raw split Markdown content to disk. This is useful for troubleshooting but can persist sensitive content beyond the immediate conversion.
When enabled with `--debug` flag: ... Saves intermediate HTML render files ... Saves raw pagination split content as separate text files
Avoid debug mode for confidential content and clean the output directory after conversion.
Installing the skill may fetch external npm packages and Puppeteer-related browser components.
The skill depends on npm packages with version ranges and an npm install step. This is expected for a Node/Puppeteer tool, but it introduces normal third-party package and browser-download supply-chain exposure.
"dependencies": { "puppeteer": "^21.7.0", "marked": "^4.3.0" }, ... "script": "npm install"
Install from a trusted source, prefer pinned dependencies and lockfiles, and review npm install behavior before use in sensitive environments.
