ClawHub

Html To Image

v1.0.2

HTML to Image integration. Manage Images. Use when the user wants to interact with HTML to Image data.

0· 131·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description claim an HTML-to-image integration and all runtime instructions revolve around using the Membrane CLI to call HTML-to-Image actions and proxy APIs — this is consistent and expected.
Instruction Scope
SKILL.md only instructs installing and using the Membrane CLI, creating connections, listing actions, running actions, and using a proxy endpoint. It does not ask the agent to read unrelated local files or environment variables, nor to exfiltrate data to unexpected endpoints.
Install Mechanism
Install is a global npm package (npm install -g @membranehq/cli). This is expected for a CLI-based integration but carries the usual npm/package-supply-chain considerations — no arbitrary download URLs or archive extraction are used.
Credentials
The skill declares no required environment variables, credentials, or config paths. All auth is delegated to Membrane's connection flow, matching the described usage.
Persistence & Privilege
Skill is not marked always:true and does not request system-wide configuration changes. Autonomous invocation is allowed by platform default but is not combined with broad secret access or persistent privileges.
Scan Findings in Context
[NO_REGEX_FINDINGS] expected: The scanner had no code files to analyze (instruction-only SKILL.md). Absence of regex matches is expected for a prose-only skill; review the install step (npm package) independently if desired.
Assessment
This skill appears to do what it says: it uses the Membrane CLI to convert HTML to images. Before installing, verify the @membranehq/cli npm package and its publisher (check the npm page and GitHub repo), because global npm installs have supply-chain risk. Understand that using Membrane means your HTML and any proxied content will transit through Membrane’s service — review their privacy/security docs and your account permissions. If you need stricter isolation, run the CLI in a sandbox or container and avoid running it on sensitive hosts. If you want to be extra cautious, inspect the package source code or use a controlled environment for initial testing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97040c682j7ftzzjpgbz05vqh842cnt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments