Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

TeX Render

v1.1.4

Renders LaTeX math to PNG, JPEG, WebP, or AVIF images using MathJax (TeX→SVG) and @svg-fns/svg2img. Invoke whenever the agent needs to output LaTeX as a view...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the code and package.json: MathJax → SVG → @svg-fns/svg2img (Sharp) is exactly what you'd expect for converting LaTeX to PNG/JPEG/WebP/AVIF. No unrelated credentials, binaries, or services are requested.
Instruction Scope
SKILL.md directs the agent to run the included CLI (node scripts/render.js) and to automatically render and send any LaTeX in replies. That automatic behavior is explicitly documented in the user notice and TOOLS.md examples; it will write files to ~/.openclaw/media/tex-render/. This is coherent with the purpose but is a behavioral choice (automatic, non-interactive rendering) that operators should be aware of.
Install Mechanism
Install is via npm in the skill folder (package.json lists mathjax, @svg-fns/svg2img, sharp). No ad-hoc downloads, shorteners, or remote archives are used. npm-based install is expected here; note sharp may compile native code and requires a build toolchain on some platforms.
Credentials
The skill requests no environment variables or credentials. Its filesystem access is limited to writing output under the user's home (~/.openclaw/media/tex-render) and relative paths when an explicit outBase is provided; this is proportional to generating image files.
Persistence & Privilege
always:false and no special privileges requested. The skill writes its own media files but does not modify other skills or global agent config. Autonomous invocation (disable-model-invocation:false) is the platform default and not, by itself, a concern.
Assessment
This skill appears to do exactly what it says: convert LaTeX to images using MathJax and svg2img/Sharp. Before enabling:

1) Note the skill will automatically render and send images whenever the agent would output LaTeX — if you want to approve each render, do not enable it.
2) Installation requires running npm install in the skill folder and may compile sharp (ensure Node 14+ and build tools if on platforms requiring native builds).
3) The CLI writes files by default to ~/.openclaw/media/tex-render — monitor disk use and permissions.
4) Because npm packages can change, consider reviewing the published package contents (or running npm install in a sandbox) to confirm the dependencies are the expected MathJax/svg2img/sharp.
5) The validate script uses child_process to run tests locally (no network).

If you want stricter privacy/control, avoid enabling automatic triggering in TOOLS.md and only invoke the skill when explicitly requested.


latestvk9779r6dvyv1hhxs29p7y2r3ms818js9


Runtime requirements

📐 Clawdis
