ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Markdown Mobile Export

v0.1.0

Use when a task needs a local Markdown file path or pasted Markdown text converted into a faithful mobile-friendly PNG/JPG long image for phone-readable arti...

0· 91·0 current·0 all-time
byGoGoLin@linsuisheng034
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the artifacts: scripts convert Markdown → HTML → stitched long PNG/JPG. The files and CLI options are consistent with producing an HTML sidecar and image output. No unrelated credentials, binaries, or unrelated services are requested.
Instruction Scope
SKILL.md and the scripts operate on local Markdown, render HTML, detect local Chromium-family browsers, and capture screenshots. They will load remote images/fonts referenced by the Markdown/HTML (the code waits for fonts/images to load). Loading external assets is expected for faithful rendering but means the renderer may make outgoing network requests for linked resources.
Install Mechanism
No explicit install spec in registry, but at runtime the code will try to pip-install Python packages (playwright, pillow) and invoke 'playwright install chromium' to download browser binaries if no local browser is found. This is coherent with the fallback behavior but does involve runtime network downloads and writing packages/browser binaries to disk.
Credentials
The skill requests no environment variables, credentials, or config paths. The behavior (reading local Markdown, writing HTML/images) matches the declared requirements.
Persistence & Privilege
always is false and the skill does not request persistent or special platform privileges. It writes output files and may install packages, but does not modify other skills or global agent configs.
Assessment
This skill appears to do what it says: convert Markdown to a mobile-friendly long image and save an HTML sidecar. Before installing/using it, consider: (1) it may auto-install Python packages and download Playwright Chromium binaries at runtime—run in an environment where such installs are acceptable or perform manual installation ahead of time; (2) the renderer will fetch any remote images or fonts referenced by your Markdown, which causes outbound network requests (avoid feeding sensitive links you don't want contacted); (3) it reads local files and writes HTML/image outputs to disk—review file paths before running. If you want extra safety, run the scripts in an isolated VM/container or inspect the bundled scripts locally (they are included) before executing.

Like a lobster shell, security has layers — review code before you run it.

latestvk971hkwjyhg5dq2yp9gstd3xt9839z22

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments