picture-book-maker
ReviewAudited by ClawScan on May 10, 2026.
Overview
This picture-book skill is mostly coherent, but its packer handles metadata image paths and HTML text too broadly, so untrusted book folders could cause unsafe file reads or browser script execution.
Use this skill only with trusted metadata and images. Keep page images inside the intended pages folder, avoid arbitrary file paths or internal/private URLs in metadata.json, and review generated book.html before opening or sharing it.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted or untrusted metadata.json could make the agent read an unintended local file into the generated book, or make network requests to arbitrary image URLs.
A metadata-controlled non-URL image value can become a local file path without canonical checks that it remains inside the intended pages directory; URL values are also fetched directly.
image_url = page_data.get('image') or page_data.get('url') or page_data.get('file') ... full_path = os.path.join(pages_dir, image_source) ... with open(image_path_or_url, 'rb') as f: image_data = f.read()Run the packer only on trusted book folders; update the script to reject absolute paths and '..' traversal, resolve paths canonically under pages/, validate local files as real images, and consider confirming or restricting remote URL hosts.
If a generated or imported metadata file contains HTML or JavaScript, opening the produced book.html could run that script in the browser.
Metadata text, title, author, and description are interpolated into HTML without escaping or sanitization.
page_text = f'<div class="text-cn">{text_cn}</div>' ... <h1 class="cover-title">{metadata.get('title', '绘本')}</h1> ... <div class="page-text">{page['text']}</div>HTML-escape all user/story metadata before inserting it into the template, or allow only a small sanitized markup subset; do not open or share HTML generated from untrusted metadata.
Installation or execution may fail if requests is unavailable, or may use a different future requests version than the author tested.
The dependency declaration and setup instructions disagree, and the dependency is version-ranged rather than pinned.
dependency:\n python:\n - requests>=2.28.0 ... 本技能使用智能体原生能力,无需安装额外依赖包。
Align the metadata and setup instructions, add a clear install specification or lockfile if installation is expected, and pin or test dependency versions.