auto-md2img
Suspicious. Audited by ClawScan on May 10, 2026.
Overview
The skill’s Markdown-to-image purpose is coherent, but it renders Markdown-derived HTML in an unsandboxed Puppeteer browser, which is risky for untrusted or private content.
Install only if you trust the Markdown being converted or can run the skill in an isolated environment. Avoid rendering private content that may contain raw HTML/scripts, and prefer a version that sanitizes Markdown, blocks browser network access, and pins dependencies.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious Markdown document could run active browser content during image generation, potentially leaking the rendered private content or probing network resources.
Markdown is converted to HTML and inserted into a Puppeteer page, while Chromium is launched without its normal sandbox. If raw HTML or scripts are present in Markdown, they may execute during rendering and can make network requests from the browser context.
const html = marked.parse(block); ... await page.setContent(`<div ...>${html}</div>`, { waitUntil: 'networkidle0' }); ... args: ['--no-sandbox', '--disable-setuid-sandbox']
Sanitize or escape raw HTML before rendering, disable script execution where possible, block outbound network requests in Puppeteer, and avoid `--no-sandbox` unless running inside a separate hardened container.
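As an added example (not code from the auto-md2img skill or from ClawScan), the following Node.js module applies the four recommendations above in one place: raw and inline HTML tokens are escaped through a marked renderer override so they render as text, JavaScript is disabled in the page, every request that is not a data: URL is aborted through Puppeteer request interception, and Chromium is launched with its sandbox left on. It assumes marked ^4 and puppeteer ^21 as declared in the skill's dependencies; the function and file names are my own, and both packages are required lazily inside the render functions so the policy helpers can be exercised without a browser installed.

```javascript
// Hardened Markdown-to-image rendering. Added example, not the skill's own code.
// Assumes marked ^4 and puppeteer ^21 (the versions the skill declares); both are
// required lazily inside the render functions so the policy helpers run without them.

// Escape raw HTML so that <script>, <img onerror=...> and similar embedded in the
// Markdown are shown as literal text instead of being parsed by Chromium.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Network policy for the rendering page: only inline data: URLs (e.g. embedded
// images) are allowed. http(s), file:, ws: and everything else is refused so a
// malicious document cannot send the rendered content anywhere or probe the network.
function requestAllowed(url) {
  return url.startsWith('data:') || url === 'about:blank';
}

// Launch options that keep Chromium's sandbox enabled (no --no-sandbox,
// no --disable-setuid-sandbox). If the host cannot provide the sandbox, run the
// whole converter inside a separate hardened container instead of turning it off.
function launchOptions() {
  return { headless: 'new', args: ['--disable-gpu'] };
}

// Convert Markdown to HTML with marked, but route every raw HTML token (block and
// inline) through escapeHtml. Ordinary Markdown syntax still renders normally.
function markdownToSafeHtml(markdown) {
  const { marked } = require('marked');
  const renderer = new marked.Renderer();
  renderer.html = (html) => escapeHtml(html);
  return marked.parse(markdown, { renderer });
}

// Render one Markdown document to a PNG under the policies above.
async function renderToImage(markdown, outPath) {
  const puppeteer = require('puppeteer');
  const html = markdownToSafeHtml(markdown);
  const browser = await puppeteer.launch(launchOptions());
  try {
    const page = await browser.newPage();
    await page.setJavaScriptEnabled(false);   // no script execution in the page
    await page.setRequestInterception(true);  // enforce the network policy below
    page.on('request', (req) => {
      if (requestAllowed(req.url())) req.continue();
      else req.abort('blockedbyclient');
    });
    await page.setContent(`<div class="md">${html}</div>`, { waitUntil: 'networkidle0' });
    await page.screenshot({ path: outPath, fullPage: true });
  } finally {
    await browser.close();
  }
}

// Usage: node render-safe.js input.md output.png
if (process.argv[2]) {
  const fs = require('fs');
  renderToImage(fs.readFileSync(process.argv[2], 'utf8'), process.argv[3] || 'output.png')
    .catch((err) => { console.error(err); process.exit(1); });
}
```

Escaping rather than stripping HTML keeps the conversion lossless for the user (they see exactly what was in the source) while removing the execution path; disabling JavaScript and refusing non-data: requests are independent layers, so a document that slips past the renderer override still cannot run code or reach the network.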
Installing or preparing the skill may fetch external packages and a browser runtime, so dependency provenance matters.
The skill depends on external npm packages with caret version ranges. That is expected for this converter, but exact installed code can vary without a lockfile or pinned versions.
"dependencies": { "marked": "^4.3.0", "puppeteer": "^21.7.0" }
Declare the install requirements in registry metadata, include or verify a lockfile, and pin dependency versions for reproducible installs.
Private Markdown content may remain on disk if debug mode is used or if output directories are not cleaned.
Debug mode intentionally persists intermediate render artifacts and split Markdown content, which may include private user or conversation data.
When enabled with `--debug` flag: ... Saves intermediate HTML render files ... Saves raw pagination split content as separate text files
Use debug mode only for non-sensitive content, write outputs to a temporary directory, and delete generated logs/intermediate files after troubleshooting.
