Kai Html Export
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the Vercel sharing path is used, a Vercel project may be made publicly accessible using the user’s account credentials, potentially affecting more than the single intended file.
The Vercel helper uses the user’s authenticated Vercel CLI to PATCH project settings and remove SSO protection, which is a persistent account/project access change beyond merely creating a local export.
payload = json.dumps({"ssoProtection": None}) ... vercel + ["api", f"/v9/projects/{project_id}", "-X", "PATCH", ...]Before using Vercel sharing, confirm the target project and understand that protection may be disabled; prefer a throwaway project or Cloudflare/default sharing if that better matches your intent.
Any selected folder or copied relative assets may become publicly reachable through the generated share URL.
The sharing feature intentionally uploads user-selected HTML and related assets to public hosting. This is purpose-aligned, but it is still a public disclosure action.
Publish HTML to a public URL ... Accepts either a single HTML file or a folder containing `index.html` ... Copies common relative assets automatically
Only share folders that contain content meant to be public, and remove secrets, private drafts, or unrelated files before publishing.
Using the share feature may run newly downloaded npm CLI code instead of a preinstalled, pinned tool.
When the Cloudflare CLI is not installed, the helper can invoke npx with --yes to fetch and run the latest wrangler package at runtime; the Vercel helper has the same pattern for `vercel`.
return [npx_path, "--yes", "wrangler"]
Install trusted versions of wrangler or vercel yourself before publishing, or run the sharing step in an isolated environment.
Opening untrusted HTML could trigger that HTML’s scripts or network loads during export.
The exporter renders the chosen HTML in a headless browser, which can execute scripts embedded in that HTML; on Linux it disables the browser sandbox to improve compatibility in container/root environments.
page.goto(url, wait_until="networkidle") ... extra_args = ['--no-sandbox', '--disable-setuid-sandbox'] if is_linux else []
Export HTML you trust, and use an isolated environment when converting files from unknown sources.