Json Render Table

Pass. Audited by ClawScan on May 1, 2026.

Overview

This instruction-only skill appears aligned with rendering table images, but users should notice that it may install external rendering tools, run local shell/Python commands, and optionally delegate rendering to another agent/model.

This skill looks coherent for rendering PNG table screenshots. Before installing, make sure you are comfortable with npm/Playwright tool installation, local shell execution, temporary /tmp image outputs, and optional delegation to another agent/model; avoid delegation for sensitive table data.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the skill may lead the agent to download and install npm/Playwright components if they are not already present.

Why it was flagged

The skill tells the agent to install external, unpinned tooling at use time. This is directly related to the stated rendering purpose, but it expands the supply-chain surface.

Skill content

If missing, run `npm i -g json-render-cli`; if Chromium is missing, run `npx playwright install chromium`.

Recommendation

Use a trusted environment, consider pinning or preinstalling reviewed versions of json-render-cli and Playwright Chromium, and avoid running unexpected package installs in sensitive environments.

What this means

The agent may run local commands to calculate layout, build JSON, and render an image file.

Why it was flagged

The provided starter template runs shell and Python logic, then invokes the renderer to write a PNG. This is expected for the rendering workflow, but it is still local command execution.

Skill content

eval "$(python3 - <<'PY' ... )" ... "$JSON_RENDER_CMD" ... -o "$OUT_PATH"

Recommendation

Run it only in an environment where local shell execution is acceptable, and keep table input to data you are comfortable processing through the renderer.

What this means

If the table contains sensitive information, that data could be exposed to a delegated agent/model during rendering.

Why it was flagged

The skill allows rendering work to be handed to another agent/model. The artifact adds handoff constraints, but table content may still be processed outside the main agent.

Skill content

Delegate rendering to a sub-agent only when output-path handoff is explicit and deterministic. ... route simple deterministic rendering to a lower-cost fast model (for example, `gemini3flash`)

Recommendation

For sensitive tables, keep rendering in the main agent and avoid delegation or alternate model routing unless the user explicitly accepts that data flow.