Xiaohongshu Card Generator
Security checks across malware telemetry and agentic risk
Overview
This skill appears to be a straightforward local image-card renderer, with only minor notes about local file handling and undeclared setup/provenance details.
This looks safe for normal use as a local card generator. Before installing or invoking it, make sure Python/Pillow are available from trusted sources, use only the Markdown/text files you intend to render, and choose a dedicated output folder because the scripts create or overwrite PNG files there.
VirusTotal
62/62 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent chooses the wrong input or output path, it could render unintended local text or overwrite generated image filenames in that folder.
The skill uses a local command with user-provided title, subtitle, input path, and output directory. This is expected for rendering cards, but arguments should be treated as data and paths should be user-approved.
python3 {baseDir}/scripts/<script_name>.py "标题" "副标题" "文案路径" "输出目录"
Use only intended .md/.txt files and a dedicated output directory; ensure shell arguments are safely quoted or passed without raw string interpolation.
Users cannot easily verify the upstream project or maintainer outside the provided artifacts.
The package provenance is not identified, so users have less external context for the author or maintenance source even though the included code itself appears coherent and purpose-aligned.
Source: unknown; Homepage: none
Review the included scripts before use and install required dependencies such as Pillow from trusted sources.
