Generate responsive HTML pages suitable for reporting, supporting resizing and screenshot capture.
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may create a local HTML file when asked to generate a report.
The skill instructs the agent to run a local script and write output files. This is directly aligned with generating a report, but users should know it performs local file creation.
Execute the python script with the JSON data:
python3 scripts/generate.py --output "workspace/reports" --data '{"title": "...", ...}'
Use a scoped output directory and only invoke the skill for report-generation tasks you requested.
If untrusted content containing HTML or JavaScript is used as report input, it may render or execute inside the generated local HTML page during screenshot capture.
Visible code inserts report fields directly into HTML without showing HTML escaping or sanitization. Since SKILL.md then instructs opening the generated file in a browser, HTML or script-like input could be rendered by the browser.
return "\n".join([f"<li>{item}</li>" for item in items])
Treat report input as trusted text, or update the generator to HTML-escape all user-supplied fields before writing the report.
