Skill v1.0.0
ClawScan security
Content Card · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 26, 2026, 12:33 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's files and runtime instructions mostly match its purpose (render HTML templates to PNGs), but there are several inconsistencies and operational risks you should review before installing (missing install steps for heavy dependencies, hard-coded/incorrect paths, and external network requests during rendering).
- Guidance
  - This skill appears to do what it says (generate PNG cards from HTML templates), but take these precautions before installing or running it:
    - Review the path inconsistencies: many docs reference `~/.claude/skills/ljg-card` while the skill slug is `content-card`. Verify and correct hard-coded paths to avoid unexpected file reads or failures.
    - Playwright is required by the code but no install steps are provided. Expect to install Node dependencies and browser binaries (Playwright will download Chromium). Do this in a controlled environment (local dev VM or container) and review network traffic during installation.
    - When rendering, the headless browser may load external resources (Google Fonts, remote LOGO_PATH images). These cause outbound requests that could expose the content being rendered (or metadata) to external hosts. If you will render sensitive content, sanitize or inline external assets and avoid remote image URLs.
    - The skill reads two preference locations and writes /tmp/content-card files. Confirm you are comfortable with the skill reading ~/.config and project-level config files; do not keep secrets in those files. The SKILL.md claims it strips API keys/tokens from structured output in one step, but that is a runtime behavior to trust only if you review the implementation.
    - If you want to proceed, run the skill in a sandbox (container or isolated machine), install dependencies manually, and verify the capture script behavior before giving it access to important documents.
  - If you want, I can list the exact files/lines that reference the `ljg-card` path and the places that will trigger external network requests (fonts/images) so you can patch them or ask the author to fix them.
Review Dimensions
- Purpose & Capability
- note: The skill's stated goal (turn text/URL/file into PNG cards) matches the included HTML templates, style references, and a Node script that screenshots HTML via Playwright. However, the package.json declares a heavy dependency (playwright) while the registry metadata gives no install spec; an instruction-only listing with Node code and an npm dependency is inconsistent and requires extra setup. Also, many reference docs mention a different skill folder name (`ljg-card`), which suggests copy/paste errors and may cause runtime path errors.
- Instruction Scope
- concern: SKILL.md instructs the agent to read project/user config files (.content-card/EXTEND.md and ~/.config/content-card/EXTEND.md), read user-provided file paths, fetch URLs, and write structured content to temp/content-card/structured-content.md. These are plausible for preferences and caching but do grant read/write access to local files. The templates import Google Fonts and embed image src placeholders; when capture.js renders HTML, the headless browser may make external network requests (fonts, remote images), which could leak metadata or cause external resource fetches. There are also multiple hard-coded path inconsistencies (references to ~/.claude/skills/ljg-card) that may cause incorrect behavior.
- Install Mechanism
- concern: There is no explicit install spec in the registry entry, but package.json and package-lock.json list playwright (and playwright-core). Playwright requires installing browser binaries (e.g., `npx playwright install chromium`) and is heavyweight; the skill provides a script that expects playwright to be present. The absence of an install step in the registry combined with bundled Node code is an operational mismatch and increases installation friction and implicit network downloads.
- Credentials
- ok: The skill requests no environment variables or external credentials. It reads user preference files and writes temp files as part of normal operation. There are no hidden credential requests in the files provided.
- Persistence & Privilege
- note: The skill is not always-enabled and does not request elevated privileges. It reads config files in the current directory and the user's home (~/.config) and writes to /tmp, which is appropriate for preferences and temporary structured output, but you should be comfortable with the skill reading those paths. It does not modify other skills or system-wide configs in the provided files.
