文档可视化
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Documents you give to the skill may be read and transformed into generated dashboard files.
The skill accepts local file paths and parses user-selected documents, which is expected for a document visualizer but means the agent can read the contents of files the user provides.
elif os.path.isfile(input_str): ... return {"type": "pdf", "value": input_str}Only provide documents and file paths you intend to convert, especially if they contain confidential business or personal data.
The skill will run a headless browser locally when exporting dashboards.
The skill launches Playwright/Chromium to render the generated local HTML and export PDF/PNG. This is disclosed and central to the export feature.
b = p.chromium.launch(headless=True) ... page.goto(html_url, wait_until="networkidle") ... page.pdf(...) ... page.screenshot(...)
Keep Playwright/Chromium updated and avoid converting untrusted documents if you are concerned about generated HTML content being rendered.
Installing the skill may require pulling third-party packages and a browser runtime from external package sources.
The skill documents manual, unpinned dependency installation rather than an install spec or lockfile. These dependencies are purpose-aligned but their exact versions and provenance are not fixed.
pip install python-docx openpyxl pdfplumber pandas playwright playwright install chromium
Install dependencies from trusted package indexes, consider pinning versions, and review the environment before use.
Feishu link conversion may fail or may rely on an external/local helper whose implementation was not included in this review.
The Feishu document path depends on a helper module that is referenced by code but not included in the provided manifest or install metadata.
from feishu_fetch_doc import fetch_doc
Verify the source and behavior of the feishu_fetch_doc helper before using the Feishu document feature.