ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

RegexVisualizer

Render Regulex-style railroad diagrams for a JavaScript regular expression and export the exact same SVG/PNG as the Regulex-Plus web UI (docs/index.html) "Ex...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
2 · 340 · 0 current installs · 0 all-time installs
byZhong Siyao@PipeDream941
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: the skill embeds Regulex-Plus HTML and provides a Node script that launches puppeteer-core to produce the same SVG/PNG output as the web UI. Required tooling (Node, local Chrome/Edge) is appropriate and documented. No unrelated env vars, binaries, or credentials are requested.
Instruction Scope
SKILL.md instructs running the included scripts, installing puppeteer-core, and supplying a regex/out path. The runtime instructions only read the included assets/regulex.html and write the requested <out>.svg/.png files. There is no instruction to read arbitrary user files, environment secrets, or transmit data to external endpoints. Note: since the HTML is rendered by a browser, if that HTML referenced remote assets it could cause network fetches; the bundled assets appear self-contained.
Install Mechanism
No automatic install spec is present (instruction-only), but package.json depends on puppeteer-core and SKILL.md documents running npm install. This is a normal, proportionate approach. puppeteer-core does not bundle Chromium so the script correctly requires a local browser; package-lock is included and references npm registry packages (expected).
Credentials
The skill requests no credentials or config paths. It optionally respects CHROME_PATH / PUPPETEER_EXECUTABLE_PATH or a --chrome flag to locate the browser, which is reasonable and proportional to launching puppeteer. No secrets are required or accessed.
Persistence & Privilege
always is false and disable-model-invocation is false (normal). The skill does not attempt to persist system-wide configuration, modify other skills, or request permanent elevated presence.
Assessment
This skill appears to do exactly what it claims: run a local Node script that loads the included Regulex HTML in a headless browser and writes SVG/PNG output. Before installing, note: (1) npm install will add puppeteer-core and its dependencies to the skill folder; (2) you must have a local Chrome/Edge installed (or set CHROME_PATH/--chrome); (3) the script launches the browser with --no-sandbox (common for headless automation) — only run it on trusted content and in a safe environment; (4) review assets/regulex.html if you have concerns about remote resource loading (the packaged file appears self-contained). If you only need simple diagram rendering and prefer fewer dependencies, consider alternative tools that don't require a headless browser, but from a coherence/security standpoint this package is consistent with its purpose.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97b6akpj1hja94yqzhp2p28n581vkn0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Regex Visualizer

Overview

Export the Regulex-Plus web visualizer output to *.svg and/or *.png in a single command, using the built-in web UI export logic (no re-drawing).

Quick Start

Render both SVG and PNG:

cd "$env:USERPROFILE\.codex\skills\regex-visualizer"
node scripts/render.mjs `
  --re "hello\\s+world" `
  --flags "i" `
  --out "out/hello-world"

cd ~/.codex/skills/regex-visualizer
node scripts/render.mjs \
  --re 'hello\\s+world' \
  --flags 'i' \
  --out 'out/hello-world'

SVG only:

cd ~/.codex/skills/regex-visualizer
node scripts/render.mjs `
  --re "^(a|b)*?$" `
  --out "out/re" `
  --svg-only

PNG only:

cd ~/.codex/skills/regex-visualizer
node scripts/render.mjs `
  --re "^(a|b)*?$" `
  --out "out/re" `
  --png-only

Install Dependencies

This skill uses puppeteer-core (does not bundle Chromium). Install once:

cd ~/.codex/skills/regex-visualizer
npm install

Screenshot

An example export generated using the built-in web UI rendering:

  • assets/example.png
  • assets/example.svg

Behavior

  • Uses assets/regulex.html (a copy of the Regulex-Plus web UI) and loads it with #!cmd=export&flags=...&re=....
  • Waits for the page to produce the exported canvas (canvas.exportCanvas) and then writes:
    • <out>.png from the same canvas as the web UI "Export Image" button
    • <out>.svg from the same <svg> element used by the web UI

Notes

  • Flags are limited to what the web UI supports by default: i, m, g.
  • If the regex fails to parse, the script surfaces the same error text shown in the UI.

Resources

scripts/

  • scripts/render.mjs: Headless export to SVG/PNG via the built-in cmd=export mode.

references/

None.

assets/

  • assets/regulex.html: Copy of Regulex-Plus/docs/index.html used for rendering/export.

Files

10 total
Select a file
Select a file to preview.

Comments

Loading comments…