Snipgrapher - generate images from code snippets

Pass. Audited by ClawScan on May 1, 2026.

Overview

This skill is a straightforward guide for using the snipgrapher CLI to create code snippet images, with a minor supply-chain note because it recommends running the npm package via npx.

This appears safe for normal use as a CLI workflow guide. Before installing or using it in sensitive repositories, decide whether you are comfortable letting the agent run the snipgrapher npm package, and consider pinning or preinstalling a trusted version instead of relying on automatic npx fallback.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the npm package changes or is compromised, the agent could run that changed package when generating snippet images.

Why it was flagged

This tells the assistant to run the public npm package through npx, with automatic confirmation and no pinned version. That is coherent for a CLI-based image-rendering skill, but users should be aware of the package provenance and version used.

Skill content

If `snipgrapher` is unavailable, fall back to npm (`npx --yes snipgrapher ...`).

Recommendation

Prefer a reviewed, pinned version of snipgrapher or install it explicitly before use; review the npm package source/provenance if this will run in sensitive projects.