Skill v1.0.0

VirusTotal security

HTML pages to images · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 5:42 AM
Hash
e8ab1e611485025550f1c1c470f74683f9b63bbe98fb3cc36175ba8132449118
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: html-pages-to-images
Version: 1.0.0

The skill provides HTML-to-image conversion using Puppeteer but contains high-risk behaviors and vulnerabilities. Specifically, 'index.js' and 'lib/convert-pages.js' allow the use of absolute paths for the 'htmlFile' and 'outputDir' parameters without sanitization, enabling arbitrary file read and write access. Furthermore, a legacy script 'convert-pages.js' in the root directory includes hardcoded paths and performs recursive directory deletion ('rmSync') on those paths. While these capabilities are plausibly related to the stated purpose of processing workspace files, the lack of path validation and the use of Puppeteer with the '--no-sandbox' flag pose significant security risks.