xiaohongshu-image-generator
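v1.0.0
Generates Xiaohongshu post images from user prompts. Designs visual cards with HTML + CSS and produces the image via a Playwright browser screenshot. Trigger scenarios: (1) the user asks for images for a Xiaohongshu note (2) a vertical cover card image is needed (3) marketing images are generated from HTML templates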
⭐ 1· 196·0 current·0 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (HTML+CSS templates, local rendering, screenshot) match the included templates, example HTML files, and the Python script that generates HTML and starts a local HTTP server. No unrelated env vars, binaries, or external services are requested.
Instruction Scope
SKILL.md instructs generating HTML, hosting it on a local HTTP server, and using a browser action to open and screenshot the page — this matches the code. One implementation detail to note: generated content is inserted into HTML without HTML-escaping, so arbitrary user-supplied text could inject markup into the rendered page (XSS-like behavior). That is normally low-risk for a local rendering flow but worth awareness if untrusted HTML is supplied or the server is made reachable beyond localhost.
Install Mechanism
No install spec is provided (instruction-only skill + Python script and static templates). The repository contains only local Python + static HTML assets; there are no downloads or package installs declared.
Credentials
The skill does not request environment variables, credentials, or config paths. The resources it uses (local files, localhost server, browser tooling) are proportional to the stated task.
Persistence & Privilege
always is false and the skill does not attempt to modify other skills or system-wide agent settings. It only starts a local HTTP server for the purpose of rendering pages.
Assessment
This skill appears to do what it claims: generate HTML templates, host them locally, and capture a screenshot for an image. Before installing/using, consider: (1) run it in a confined environment (container or restricted workspace) to isolate the local HTTP server; ensure the server is bound to localhost and not exposed externally; (2) the Python generator inserts user text directly into the HTML without escaping — avoid passing untrusted HTML or scripts in prompts; (3) the workflow expects a browser/Playwright-like screenshot capability (the SKILL.md uses a browser action) — ensure your runtime provides that and you trust the tool that will open the page; (4) review templates if you will include sensitive content. If you need higher assurance, ask the author for the full generate_image.py code (verify no external network calls) or run the script in a sandbox first.
Like a lobster shell, security has layers — review code before you run it.
