Book-PDF: book-grade PDF manual generator
Suspicious. Audited by ClawScan on May 10, 2026.
Overview
The skill's purpose is clear, but the bundled local scripts carry a risk of unintended code execution and out-of-bounds file writes that can be triggered by a crafted title or update message.
Before installing or using this skill, fix or review the local scripts: do not pass untrusted text to update.sh, sanitize book titles before building, and install Playwright/Chromium only from trusted sources. The overall PDF-generation workflow is coherent, but the script hardening issues make it worth careful review.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1: Command injection via the update message. If the agent or user passes an unsafe update message, local code could run under the user's account.
The free-form update message is inserted directly into JavaScript passed to node -e. A crafted message containing a quote can terminate the string literal and execute arbitrary Node.js code when the script runs.
Evidence: MESSAGE="${2:-无描述}" ... const entry = '\n## [$NEW_VERSION] $TODAY — $MESSAGE\n\n- $MESSAGE\n';
Recommendation: Treat update messages as data: pass them via process.argv or an environment variable and use JSON.stringify/escaping before writing the changelog.
Finding 2: Path traversal via the book title. A malformed or adversarial book title could overwrite or create files in unexpected local locations.
The title from version.json is used directly in the output path. If it contains path separators or '..', the generated HTML can be written outside the intended output directory.
Evidence: const OUTPUT_FILE = path.join(OUTPUT_DIR, `${versionData.title}-v${versionData.version}.html`); ... fs.writeFileSync(OUTPUT_FILE, html, 'utf-8');
Recommendation: Sanitize titles into safe filenames, reject path separators and '..', and verify that resolved output paths remain inside the project output/versions directories.
Finding 3: Unpinned browser dependency. Installing the dependency downloads executable browser components onto the local machine.
The skill requires a user-directed npm package install and Chromium download. This is expected for Playwright PDF rendering, but it is not represented as an install spec or pinned dependency.
Evidence: Playwright: `npm install playwright && npx playwright install chromium`
Recommendation: Install Playwright from trusted npm sources, consider pinning versions, and review dependency changes before use.
Finding 4: Autonomous parallel sub-tasks and file creation. The task may consume more agent activity and create multiple research/content files in the chosen project directory.
The workflow explicitly uses multiple background agents for research and writing. This is purpose-aligned for a large manual, but users should be aware of autonomous parallel sub-tasks and file creation.
Evidence: Launch multiple background agents to research in parallel, saving each result to `{项目目录}/research/YYYY-MM-{关键词}.md`
Recommendation: Confirm the topic scope, project directory, and source boundaries before allowing parallel background work.
