v1.0.0

xiaohongshu-image-generator

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:00 AM.

Analysis

The skill coherently generates local HTML card images and screenshots them, with only expected local server/browser use to be aware of.

Guidance: This appears safe for its intended use: generating a local HTML card and screenshotting it. Before installing, be aware that it may run a localhost web server and render generated HTML in a browser, so use a dedicated folder and avoid feeding it untrusted raw HTML or scripts.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
python3 -m http.server <端口号> ... browser action=open url=http://localhost:<端口号>/<filename>.html ... browser action=screenshot

The skill explicitly uses local command/server and browser screenshot tooling. This is expected for the stated image-generation purpose, but it gives the workflow access to whatever directory is served.

User impact: The skill may start a local web server and open a local page in the browser to capture the image.
Recommendation: Run the server from a folder containing only the generated HTML/assets, use a non-sensitive port/directory, and stop the server after the screenshot is complete.
Unexpected Code Execution
Severity: Low | Confidence: Medium | Status: Note
scripts/generate_image.py
content_html = ''.join(f'<p>{line}</p>' for line in content_lines if line.strip()) ... html = TEMPLATE.format(title=config.get('title', '今日分享'), content_html=content_html or '<p>每天进步一点点</p>', tag=config.get('tag', '📌 今日分享'), author=config.get('author', '袁佳鹏')

Prompt-derived text is inserted into generated HTML without visible escaping. Because the workflow renders that HTML in a browser, raw markup in inputs could be rendered as HTML rather than plain text.

User impact: If untrusted text is used as card content, it could affect the generated page beyond simple text rendering.
Recommendation: Treat card text as plain text by escaping HTML special characters, or only allow vetted HTML/CSS when intentionally designing a template.