Generate responsive HTML pages suitable for reporting, supporting resizing and screenshot capture.
PassAudited by ClawScan on May 10, 2026.
Overview
This skill coherently generates local HTML reports, with the main caution that report text is inserted into HTML and then opened in a browser.
This appears safe for generating local reports from trusted content. Before installing, be aware that it creates HTML files and opens them in a browser for screenshots; avoid feeding it untrusted raw HTML unless the generator is updated to escape user-supplied text.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may create a local HTML file when asked to generate a report.
The skill instructs the agent to run a local script and write output files. This is directly aligned with generating a report, but users should know it performs local file creation.
Execute the python script with the JSON data:
python3 scripts/generate.py --output "workspace/reports" --data '{"title": "...", ...}'Use a scoped output directory and only invoke the skill for report-generation tasks you requested.
If untrusted content containing HTML or JavaScript is used as report input, it may render or execute inside the generated local HTML page during screenshot capture.
Visible code inserts report fields directly into HTML without showing HTML escaping or sanitization. Since SKILL.md then instructs opening the generated file in a browser, HTML or script-like input could be rendered by the browser.
return "\n".join([f"<li>{item}</li>" for item in items])Treat report input as trusted text, or update the generator to HTML-escape all user-supplied fields before writing the report.