ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Knowledge card creator, your memory helper

v1.6.1

Knowledge Card generator. Extracts key knowledge from user-provided material (text, files, URLs), determines optimal card type (concept/备忘/流程/对比), applies co...

0· 98·0 current·0 all-time
byJay@goog
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the included files: SKILL.md describes extracting knowledge and rendering a card, and scripts/render_card.py implements Markdown→HTML→PNG rendering. However, SKILL.md also promises URL fetching and image OCR, but the repo contains no fetch/OCR implementation or declared dependencies (no requests, newspaper, pytesseract, etc.). That mismatch means the skill either expects the agent to perform fetching/OCR itself or is missing code/dependency declarations.
!
Instruction Scope
The SKILL.md instructs the agent to accept pasted text, file paths, URLs, or images and to fetch URLs and OCR images. Those actions can involve reading arbitrary user-provided files and making network calls. The repository contains only the rendering script; there is no code to fetch webpages or perform OCR and there is no guidance on what the agent should do if those steps are required. The instructions also direct saving output to ~/.openclaw/workspace/kcards/, which writes into the user's home directory.
!
Install Mechanism
This is an instruction-only skill with one included script and no install spec. The script imports third-party packages (markdown, html2image, PIL/Pillow, optional Pygments) and expects a local Chrome/Edge executable. None of these dependencies or installation steps are declared in the registry metadata or SKILL.md, so users/agents must install runtime dependencies and a browser manually. The script also uses Google Fonts via a CSS @import (external network call) during rendering.
Credentials
The skill requests no credentials or required environment variables. The render script optionally checks CHROME_PATH/EDGE_PATH if set, but no secret or unrelated credentials are requested. No config paths or tokens for external services are required by the package itself.
Persistence & Privilege
always is false and the skill does not request persistent or system-wide privileges. It writes output to a user-space default directory and runs a local Python script. It does not modify other skills or global agent configurations.
What to consider before installing
This skill appears to do what it claims (render Markdown cards to PNG) but has gaps that you should be aware of before installing or running it: 1) It promises URL fetching and OCR in SKILL.md but provides no code or declared dependencies for those steps — you or the agent will need to implement those or only supply plain text inputs. 2) The renderer requires Python packages (markdown, html2image, pillow) and a local Chrome/Edge executable; these are not installed automatically. 3) Rendering imports Google Fonts (external network request) and html2image will launch a browser process that may make network requests; if you need an offline/no-network workflow, edit the CSS to remove external imports and ensure a local font. 4) The script will write files under your home directory by default (~/.openclaw/workspace/kcards/) and will read any file paths you provide — only give it inputs you trust. Recommended next steps: inspect scripts/render_card.py fully, install dependencies in an isolated environment (virtualenv or container), and test with non-sensitive inputs. If you expect URL fetching or OCR, either add vetted libraries (requests, newspaper3k, pytesseract) or restrict usage to pasted text to avoid unexpected behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk97118x4xcn4035dyjnq68jqnd842552

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Knowledge Card Generator

Workflow

1. Parse Input Material

Accept any of: pasted text, file path, URL, or image.

  • If URL → fetch and extract main content
  • If file → read it
  • If image → OCR or analyze visually

Extract 3–7 core knowledge points. Prioritize: definitions > mechanisms > examples > details.

2. Determine Card Type

Pick the best-fit type based on content nature:

TypeTrigger PatternStructure
概念卡 (Concept)Defines a term, theory, modelTerm → Definition → Analogy → Key Points
备忘卡 (Memo)Steps, commands, configs, referencesTitle → Ordered Steps → Tips / Gotchas
流程卡 (Process)Sequential workflow or lifecycleTitle → Phases → Steps per Phase → Output
对比卡 (Comparison)Compares 2+ itemsDimension → Item A vs Item B → Verdict

If unsure, default to Concept card.

3. Apply Cognitive Science Principles

Follow these when structuring the card:

  • Chunking: Group related info into 3–5 chunks max per section
  • Dual Coding: Pair text with a visual metaphor or emoji anchors
  • Elaboration: Add a "Why It Matters" or analogy section
  • Spaced Repetition Cue: End with a self-test question (❓)
  • Progressive Disclosure: Layer from simple to detailed

4. Generate Markdown

Use the template from references/card-templates.md. Output a single Markdown file.

Naming convention: kcard_<topic>_<type>.md (e.g., kcard_react-hooks_concept.md)

Save to user's specified path or default: ~/.openclaw/workspace/kcards/

5. Render to Image

Run the rendering script to convert the Markdown into a PNG:

python <skill-dir>/scripts/render_card.py <path-to-markdown> [--output <output.png>] [--theme <warm|cool|girly|tech>] [--width 800]

Default theme: warm. Default output: same path with .png extension.

The script:

  1. Parses Markdown to styled HTML
  2. Renders HTML to image via headless browser or html2image
  3. Returns the output path

Present the final image to the user.

Output Format

Always output:

  1. The Markdown source file (for editing/reuse)
  2. The rendered PNG image
  3. A brief one-line summary of what the card covers

Notes

  • Keep cards concise: one concept per card, maximum 195 words
  • Use Chinese or English based on input language
  • Emoji anchors are encouraged but keep them minimal (1–3 per section)
  • For batch requests, process cards sequentially and summarize all outputs

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…