Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

RegexVisualizer

v1.0.0

Render Regulex-style railroad diagrams for a JavaScript regular expression and export the exact same SVG/PNG as the Regulex-Plus web UI (docs/index.html) "Ex...

by Zhong Siyao (@pipedream941)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for pipedream941/regex-visualizer.

Prompt preview (Install & Setup):
Install the skill "RegexVisualizer" (pipedream941/regex-visualizer) from ClawHub.
Skill page: https://clawhub.ai/pipedream941/regex-visualizer
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install pipedream941/regex-visualizer

ClawHub CLI

npx clawhub@latest install regex-visualizer

Security Scan

VirusTotal: Suspicious
OpenClaw: Benign (high confidence)

Purpose & Capability
Name/description match the implementation: the skill embeds Regulex-Plus HTML and provides a Node script that launches puppeteer-core to produce the same SVG/PNG output as the web UI. Required tooling (Node, local Chrome/Edge) is appropriate and documented. No unrelated env vars, binaries, or credentials are requested.
Instruction Scope
SKILL.md instructs running the included scripts, installing puppeteer-core, and supplying a regex/out path. The runtime instructions only read the included assets/regulex.html and write the requested <out>.svg/.png files. There is no instruction to read arbitrary user files, environment secrets, or transmit data to external endpoints. Note: since the HTML is rendered by a browser, if that HTML referenced remote assets it could cause network fetches; the bundled assets appear self-contained.
Install Mechanism
No automatic install spec is present (instruction-only), but package.json depends on puppeteer-core and SKILL.md documents running npm install. This is a normal, proportionate approach. puppeteer-core does not bundle Chromium so the script correctly requires a local browser; package-lock is included and references npm registry packages (expected).
Credentials
The skill requests no credentials or config paths. It optionally respects CHROME_PATH / PUPPETEER_EXECUTABLE_PATH or a --chrome flag to locate the browser, which is reasonable and proportional to launching puppeteer. No secrets are required or accessed.
Persistence & Privilege
always is false and disable-model-invocation is false (normal). The skill does not attempt to persist system-wide configuration, modify other skills, or request permanent elevated presence.
Assessment
This skill appears to do exactly what it claims: run a local Node script that loads the included Regulex HTML in a headless browser and writes SVG/PNG output. Before installing, note: (1) npm install will add puppeteer-core and its dependencies to the skill folder; (2) you must have a local Chrome/Edge installed (or set CHROME_PATH/--chrome); (3) the script launches the browser with --no-sandbox (common for headless automation) — only run it on trusted content and in a safe environment; (4) review assets/regulex.html if you have concerns about remote resource loading (the packaged file appears self-contained). If you only need simple diagram rendering and prefer fewer dependencies, consider alternative tools that don't require a headless browser, but from a coherence/security standpoint this package is consistent with its purpose.

Like a lobster shell, security has layers — review code before you run it.

latest vk97b6akpj1hja94yqzhp2p28n581vkn0
582 downloads
2 stars
1 version
Updated 16m ago
v1.0.0
MIT-0

Regex Visualizer

Overview

Export the Regulex-Plus web visualizer output to *.svg and/or *.png in a single command, using the built-in web UI export logic (no re-drawing).

Quick Start

Render both SVG and PNG:

PowerShell:

cd "$env:USERPROFILE\.codex\skills\regex-visualizer"
node scripts/render.mjs `
  --re "hello\\s+world" `
  --flags "i" `
  --out "out/hello-world"

bash:

cd ~/.codex/skills/regex-visualizer
node scripts/render.mjs \
  --re 'hello\\s+world' \
  --flags 'i' \
  --out 'out/hello-world'

SVG only (PowerShell):

cd ~/.codex/skills/regex-visualizer
node scripts/render.mjs `
  --re "^(a|b)*?$" `
  --out "out/re" `
  --svg-only

PNG only (PowerShell):

cd ~/.codex/skills/regex-visualizer
node scripts/render.mjs `
  --re "^(a|b)*?$" `
  --out "out/re" `
  --png-only

Install Dependencies

This skill uses puppeteer-core (does not bundle Chromium). Install once:

cd ~/.codex/skills/regex-visualizer
npm install

Screenshot

An example export generated using the built-in web UI rendering:

  • assets/example.png
  • assets/example.svg

Behavior

  • Uses assets/regulex.html (a copy of the Regulex-Plus web UI) and loads it with #!cmd=export&flags=...&re=....
  • Waits for the page to produce the exported canvas (canvas.exportCanvas) and then writes:
    • <out>.png from the same canvas as the web UI "Export Image" button
    • <out>.svg from the same <svg> element used by the web UI

Notes

  • Flags are limited to what the web UI supports by default: i, m, g.
  • If the regex fails to parse, the script surfaces the same error text shown in the UI.

Resources

scripts/

  • scripts/render.mjs: Headless export to SVG/PNG via the built-in cmd=export mode.

references/

None.

assets/

  • assets/regulex.html: Copy of Regulex-Plus/docs/index.html used for rendering/export.
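
The scan assessment above suggests reviewing assets/regulex.html for remote resource loading before the headless browser renders it. A static check for that, as an added example (not part of the skill or of the ClawHub scanner); the findRemoteRefs name and the sample HTML are constructed for illustration:

```javascript
// Added example: list references in an HTML document that a browser would
// fetch from the network while rendering it. Static only: URLs assembled by
// script at run time are not visible here, so treat an empty result as
// "no declared remote assets", not as proof of zero network traffic.

// Remote = absolute http(s) URL or protocol-relative URL (//host/...).
const REMOTE = /^(?:https?:)?\/\//i;

function findRemoteRefs(html) {
  const hits = [];
  // 1. Attributes fetched on load: src on any tag, href on <link>, data on
  //    <object>. <a href> is skipped because it is only followed on a click.
  const tagRe = /<([a-z][a-z0-9]*)\b([^>]*)>/gi;
  const attrRe = /\b(src|href|poster|data)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  for (const [, rawTag, attrs] of html.matchAll(tagRe)) {
    const tag = rawTag.toLowerCase();
    for (const m of attrs.matchAll(attrRe)) {
      const attr = m[1].toLowerCase();
      const url = (m[2] ?? m[3] ?? m[4] ?? "").trim();
      if (attr === "href" && tag !== "link") continue;
      if (attr === "data" && tag !== "object") continue;
      if (REMOTE.test(url)) hits.push({ where: `<${tag} ${attr}>`, url });
    }
  }
  // 2. CSS references in <style> blocks or style attributes.
  const cssRe = /url\(\s*['"]?([^'")\s]+)['"]?\s*\)|@import\s+['"]([^'"]+)['"]/gi;
  for (const m of html.matchAll(cssRe)) {
    const url = m[1] ?? m[2];
    if (REMOTE.test(url)) hits.push({ where: "css", url });
  }
  return hits;
}

// Constructed sample input (not the real assets/regulex.html).
const SAMPLE = `<!doctype html>
<html><head>
<link rel="stylesheet" href="https://cdn.example/app.css">
<style>body{background:url(img/bg.png)} @import "//fonts.example/f.css";</style>
<script src="js/regulex.js"></script>
</head><body>
<a href="https://example.com/docs">docs</a>
<img src='//img.example/logo.png'>
<svg xmlns="http://www.w3.org/2000/svg"></svg>
</body></html>`;

for (const h of findRemoteRefs(SAMPLE)) console.log(`${h.where}\t${h.url}`);
```

To check the bundled file, pass the contents of assets/regulex.html to findRemoteRefs instead of SAMPLE; any hit is a resource the render would try to fetch.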
