Skillv1.0.0

ClawScan security

Design To Html · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 29, 2026, 8:27 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code, scripts, and runtime instructions are consistent with its stated purpose (iteratively converting design images to HTML/CSS); nothing indicates intentional misdirection, though there are a few operational risks to review before running it.
Guidance: This skill appears to do what it claims: analyze an image, generate placeholder HTML, render it, compare pixels, and let the model iteratively improve the HTML. Before running it, take these precautions: (1) Run it in a sandboxed environment (container or isolated VM) because Puppeteer/headless Chrome will run locally and may fetch network resources referenced in generated HTML. (2) Inspect generated HTML (iteration_*.html) before rendering to ensure it does not include external URLs, tracking pixels, or remote scripts/images you don't want fetched. (3) Manually run npm install from the skill directory rather than allowing any automated install step; be aware Puppeteer may download a Chromium binary unless you skip it. (4) Be cautious running pipeline.py without review — it will attempt to pip-install Pillow automatically. (5) If you operate in a multi-tenant environment, note Puppeteer is launched with --no-sandbox (common for containers but not ideal for untrusted code). If you need higher assurance, request the author add explicit safeguards (e.g., forbid external resource URLs in generated HTML, remove auto pip installs, or make network access configurable).

Review Dimensions

Purpose & Capability: okThe name/description (design → pixel-perfect HTML) matches the included scripts and README. analyze.js, render.js, compare.js, and pipeline.{js,py} implement exactly the analysis, render, compare, and iteration flow described in SKILL.md. Declared dependencies (puppeteer, pixelmatch, pngjs, sharp) are appropriate for rendering and pixel comparison.
Instruction Scope: noteThe SKILL.md stays within the stated purpose and instructs the agent to generate/iterate HTML locally. A potential operational scope issue: render.js uses Puppeteer's page.setContent(..., {waitUntil:'networkidle0'}), so if generated HTML references external resources (fonts, images, analytics), the renderer will perform network requests during rendering. The agent is expected to generate HTML; a malicious or careless prompt could embed external URLs that cause the runtime to fetch remote content. Also the pipeline expects the model to write/overwrite iteration_N.html files—this grants the model control over HTML contents but is coherent with the task.
Install Mechanism: noteThere is no explicit platform install spec (instruction-only), which reduces surface risk. package.json lists standard npm packages from public registries; npm install is recommended. One noteworthy point: pipeline.py auto-installs Pillow via pip if missing (subprocess.check_call([... 'pip', 'install', 'Pillow'])). That behavior will trigger network installs if a user executes the Python script and should be considered an operational risk (unexpected package installs). No downloads from obscure domains or URL shorteners are present.
Credentials: okThe skill requests no environment variables, no credentials, and no config paths. All file I/O is local (analysis, renders, diffs). Required runtime access to Node and Puppeteer/Chrome is expected and proportionate to the stated function.
Persistence & Privilege: okThe skill is not always-enabled and does not modify other skills or global agent configuration. It runs as a local pipeline and produces local output files; nothing indicates it will persist beyond normal skill files or elevate privileges.