Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Infocard Skills

v0.1.2

Generate high-density editorial HTML info cards in a modern magazine and Swiss-international style, then capture them as ratio-specific screenshots. Use when...

0 · 127 · 1 current · 1 all-time
by Shao Meng @shaom
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the included artifacts: SKILL.md, a card HTML template, layout/preset references, and a shell script that uses a local Chrome/Chromium binary to capture screenshots. Required binaries (google-chrome, chromium, chrome) are appropriate and proportional to rendering and screenshot tasks.
Instruction Scope
Runtime instructions are focused on generating fixed-size HTML cards and validating mobile readability. They do not instruct the agent to read unrelated files, access credentials, or transmit user data to external endpoints. The only external resource referenced is Google Fonts (fonts.googleapis.com) for typography, which is consistent with the design purpose.
Install Mechanism
This is an instruction-only skill with no install spec; the only executable artifact is a small shell script (capture_card.sh) that invokes a local Chrome binary. No downloads, package installs, or extracted archives are present.
Credentials
The skill requires no credentials or config paths. The script optionally honors a CHROME_BIN env var (reasonable for locating the browser). No high-risk secrets (API keys, tokens, cloud creds) are requested.
Persistence & Privilege
Skill is not always-enabled and does not request elevated or persistent system privileges. It does not modify other skills or global agent config. Autonomous invocation is permitted (platform default) but not exceptional here.
Assessment
This skill appears coherent and safe for its stated use: it generates HTML templates and uses a local Chrome/Chromium binary to capture screenshots. Before installing or running it, verify that you trust the agent- or user-provided content (the generated HTML references Google Fonts, which triggers network requests to fonts.googleapis.com). If you need fully offline operation, remove or replace the Google Fonts <link> and verify that Chrome is installed and accessible (or set CHROME_BIN to the desired binary). As with any skill that processes sensitive text, avoid feeding confidential secrets into the card content unless you control the environment where the screenshots and HTML are created.

Like a lobster shell, security has layers — review code before you run it.

latest: vk97bgp68xy13mt115w8k33adn983ew3b


Runtime requirements

Bins: google-chrome, chromium, chrome
