HTML Coder
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only HTML helper is aligned with its purpose; users should simply review any generated pages that include third-party CDN scripts or styles.
This appears safe to install as an instruction-only HTML reference skill. Before publishing generated HTML, review any included JavaScript, CSS, forms, geolocation, storage, or CDN links to ensure they match your site’s security and privacy requirements.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Generated web pages may depend on third-party CDN-hosted scripts or styles if the examples are used directly.
The documentation provides examples that load third-party JavaScript from public CDNs. This is purpose-aligned for HTML development guidance, but if copied into a production page it creates an external dependency that should be reviewed.
<script crossorigin src="https://unpkg.com/react@18/umd/react.production.min.js"></script>
For production pages, review external script/style sources, pin versions, prefer Subresource Integrity where possible, or host approved assets locally.