Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
html-report
v1.0.0将任意输入自动分解成 5-15 个独立 HTML 报告页面,每页严格 1017×720px(对齐 PPT 画布 10.59"×7.499" @96dpi),深度拆解 3-6 个子维度,每维度精炼 60-100 字 + 支撑图表。当用户说"生成报告"、"分析内容做成页面"、"做成HTML"、"内容可视化"时立即使用...
⭐ 0· 231·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name/description (HTML report generator) matches the included reference files (canvas, templates, layouts, SVG charts) and the SKILL.md generation workflow. However the instructions explicitly require rendering and screenshotting via Chrome/Puppeteer and invoking Node scripts (e.g., screenshot_batch.js, present_files) which are not declared as required binaries or installs — this is an implementation mismatch rather than an obviously malicious capability.
Instruction Scope
The SKILL.md gives detailed runtime steps: read specific reference files on demand, build Tc/Lc templates, generate pages, run screenshot validation with Chrome/Puppeteer, save outputs to /mnt/user-data/outputs/[报告名]/p01.html…, and call present_files. It also references executing a 'WebSearch' flow when certain diagrams aren't in the library. These instructions imply file system writes, process execution, and outbound network access; the skill also instructs '当用户...时立即使用,无需确认直接生成' (immediate generation without asking). The manifest declares none of the external tools, and there is no explicit description of what the WebSearch endpoint is or whether user data will be sent externally.
Install Mechanism
No install spec is provided (instruction-only), which is low risk in principle — but the runtime text depends on Chrome/Puppeteer and Node scripts for screenshot verification and output presentation. Because those binaries/packages are required to perform critical steps yet are not declared or installed by the skill, the manifest is incoherent and the agent could fail or attempt to call unavailable/unknown tools. The lack of declared install steps increases operational ambiguity.
Credentials
The skill does not request environment variables, credentials, or config paths in the manifest (good). However it writes outputs to /mnt/user-data/outputs and expects to run local screenshotting and possibly network WebSearch calls. There are no unnecessary credential requests, but network access and file-write behavior are implied and should be considered by the user.
Persistence & Privilege
No elevated persistence flags (always:false). The skill can be invoked autonomously (platform default) and the SKILL.md instructs immediate auto-generation on certain trigger phrases without asking the user; this is a user-experience/consent concern but not a manifest-level privilege escalation. The skill does not request to modify other skills or system-wide settings.
What to consider before installing
This skill largely looks like a design-and-template-driven HTML report generator, but there are a few mismatches you should resolve before enabling it for sensitive use:
- Verify runtime requirements: SKILL.md expects Chrome (Puppeteer) and Node scripts (screenshot_batch.js, present_files). Make sure those binaries/tools exist and are safe to run in your environment — the skill's manifest does not declare or install them.
- Confirm network behavior: the references mention running a "WebSearch" when a requested diagram is not in the library. Ask the maintainer (or inspect the agent's runtime bindings) what endpoint/service the agent will call and whether report content (potentially sensitive) will be sent externally.
- Check file outputs and permissions: the workflow writes HTML to /mnt/user-data/outputs — ensure that path is acceptable, and that generated files won't leak sensitive data or be exposed unintentionally.
- User consent: the skill's instructions say to "immediately generate without confirmation" on trigger phrases. Decide if that automatic behavior is acceptable or if you prefer a confirmation step before generation.
If you plan to use this skill, test it first with non-sensitive sample input to confirm where files are written, what external network calls are made, and that the expected Node/Chrome tooling works. If you cannot verify those aspects, treat the skill as untrusted.Like a lobster shell, security has layers — review code before you run it.
latestvk977hdb1emneac2xk6d8trq9tn82vs3p
License
MIT-0
Free to use, modify, and redistribute. No attribution required.