ClawHub

jp-report

v1.0.1

Create formal Japanese corporate HTML and PDF reports from source text for business, compliance, or security documents with structured chapters and professio...

0· 76·0 current·0 all-time
byAnygen Selected Skill@ken-chy129
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (formal Japanese reports -> HTML+PDF) match the included files: docs for CSS/components, example HTML, and a small script to call headless Chrome. The macOS/Chrome requirement declared in README explains the script's hardcoded Chrome path.
Instruction Scope
SKILL.md restricts operations to reading the provided source text (file or pasted content), building HTML using local docs, and invoking the included Python script to produce a PDF. It references ${CLAUDE_SKILL_DIR} (platform-provided skill directory) to embed local files; this variable is not declared in requires.env but is a normal platform runtime variable. No instructions read unrelated system files or contact external endpoints.
Install Mechanism
No install spec (instruction-only skill) and only a tiny Python script is included. Nothing is downloaded or executed from remote URLs. The README's manual symlink installation is benign guidance.
Credentials
The skill declares no required environment variables, no credentials, and reads only user-provided input files and local docs/components for HTML/CSS. There are no secrets or unrelated env vars requested.
Persistence & Privilege
always:false and the skill does not request persistent system privileges or modify other skills. SKILL.md sets disable-model-invocation:true which reduces the skill's ability to autonomously call the model (not a risk).
Assessment
This skill appears coherent and limited to generating paginated HTML and producing a PDF via a local headless Chrome call. Before installing, consider: 1) The generate_pdf.py script invokes a hardcoded macOS Chrome binary path (/Applications/Google Chrome.app/Contents/MacOS/Google Chrome) — ensure you are on macOS with Chrome installed at that location or update the script. 2) The script URL-encodes the path using urllib.parse.quote on the entire path (could produce incorrect file:// URLs for some systems); test PDF generation with filenames containing spaces and Japanese characters. 3) The skill uses ${CLAUDE_SKILL_DIR} to read local docs (design-rules.md, components.md) — this is expected but platform-specific. 4) The skill writes .html/.pdf to whatever output folder the user supplies — do not point it at sensitive system directories. 5) No network calls or credentials are requested, so there's no obvious data exfiltration vector in the files provided. If you need to be extra cautious, review or run the generate_pdf.py locally to confirm it behaves as expected before granting it access to production documents.

Like a lobster shell, security has layers — review code before you run it.

latestvk977m8exbswfs2zxfejt09hqk583nyme

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments