Cement Heat Balance Visualization

Pass

Audited by ClawScan on May 16, 2026.

Overview

This skill appears to be a straightforward local HTML visualization generator with no network, credential, persistence, or hidden behavior shown.

This looks safe for generating local cement heat-balance visualization files. Use trusted data sources, review the output path before generating files, and be aware that unescaped input text may appear directly in the resulting HTML.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill may create or overwrite a local HTML file at the specified output path.

Why it was flagged

The script can read a local input file and write a local HTML output file. This is expected for a visualization generator, but users should choose file paths deliberately.

Skill content

parser.add_argument('--input', '-i', help='Input JSON file with heat balance data') ... parser.add_argument('--output', '-o', default='heat_balance_viz.html', help='Output HTML file')

Recommendation

Use an intended output filename or folder, and avoid pointing it at important existing files.

What this means

If malicious heat-balance data is used, the generated report could contain unwanted HTML or script content.

Why it was flagged

User-provided data is interpolated directly into generated HTML without visible escaping. This is common in simple report generators, but untrusted input containing HTML or script could be rendered by the browser when the output file is opened.

Skill content

<div>{stage['name']}</div> ... <td>{item['item']}</td> ... <div class="kpi-value">{kpi['value']}</div>

Recommendation

Use trusted input data, or add HTML escaping/sanitization before rendering values into the report.