HTML Page to Image (HTML 页面转图片)

Security checks across malware telemetry and agentic risk

Overview

This skill appears to convert HTML to images as advertised, but it should be reviewed because it renders active HTML in Chromium and includes a legacy script that deletes an output folder without confirmation.

Install only if you plan to use trusted HTML or run it in an isolated environment. Prefer the main index.js API with a dedicated output directory, avoid running the legacy convert-pages.js directly unless you understand its hard-coded delete path, and consider patching the renderer to block external requests, avoid no-sandbox mode where possible, and sanitize filenames derived from HTML content. VirusTotal was pending and static scan was clean, so this Review verdict is based on artifact behavior, not telemetry alone.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The function reads arbitrary HTML from disk and renders it with Puppeteer using `page.setContent(..., { waitUntil: 'networkidle0' })`, which allows the rendered document to fetch external resources such as images, fonts, stylesheets, or scripts before screenshots are taken. If the HTML is untrusted, this can trigger unintended outbound network access, leak environment metadata such as IP address, and create SSRF-style behavior against internal services reachable from the host running the skill.

Missing User Warnings

Medium
Confidence: 91%
Finding
The script unconditionally deletes the entire output directory with `rmSync(..., { recursive: true, force: true })` before recreating it, without confirmation, dry-run support, or path safety checks. In an agent or automation context, this can destroy data unexpectedly if the resolved path is wrong, altered, or reused for valuable files, causing integrity and availability impact.

VirusTotal

65/65 vendors flagged this skill as clean.
