v1.0.1

Info Card

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:15 AM.

Analysis

This appears to be a coherent local PNG card generator, but it requires running a local Python/Playwright browser-rendering workflow.

GuidanceThis skill looks safe for its stated purpose if you are comfortable running a local Python/Playwright renderer. Install dependencies from trusted sources, choose output paths deliberately, and avoid feeding untrusted HTML or URLs into card data unless you intend them to be rendered.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

metadata

Source: unknown; Homepage: none

The registry entry does not provide an external source or homepage, so users have less provenance information for independently verifying the package origin.

User impactYou may have less information about who maintains the skill beyond the registry owner record.

RecommendationInstall only if you trust the registry listing and owner, and prefer reviewing the included files before use.

Unexpected Code Execution

SeverityLowConfidenceHighStatusNote

SKILL.md

HTML + CSS 模板 → Playwright 截图 → 900×1200 PNG

The skill intentionally uses Playwright/browser rendering to create PNG screenshots; this is expected for the stated purpose but means local code and a browser component are run.

User impactUsing the skill can run a local Python script and browser renderer to process the card content and write an output image.

RecommendationRun it only with card data and output paths you intend to use, and install Playwright/Chromium from trusted sources.