xiaohongshu card generator
Suspicious. Audited by ClawScan on May 10, 2026.
Overview
This appears to be a real local Markdown-to-card renderer, but it needs review because MDX/raw-HTML rendering can execute embedded code when processing untrusted documents.
Install only if you trust the source. Run setup without admin privileges, choose an output directory you are comfortable writing to, and avoid rendering untrusted MDX or Markdown containing raw HTML unless you sandbox it or first remove scripts/event handlers/remote resources.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Rendering an MDX file from someone else could run code in the local rendering process.
When --mdx-mode is enabled, the input Markdown/MDX file is passed to @mdx-js/mdx evaluate(), which can run embedded JavaScript during rendering rather than treating the document as inert text.
const module = (await evaluate(markdown, { ... })) ... if (options.mdxMode) { return { html: await mdxToHtml(markdown), warnings }; }
Only use --mdx-mode with trusted files, or disable/sandbox MDX evaluation and clearly warn users before rendering untrusted MDX.
A malicious Markdown file could affect the browser render step or make unexpected network requests instead of being rendered as plain content.
Normal Markdown mode explicitly preserves raw HTML instead of escaping or sanitizing it, so embedded HTML such as scripts, event handlers, or remote resources can remain active when the generated page is rendered.
.use(remarkRehype, { allowDangerousHtml: true }).use(rehypeRaw).use(rehypeStringify, { allowDangerousHtml: true })
Sanitize raw HTML by default, provide a trusted-content mode for advanced HTML, and render untrusted documents in a restricted no-network sandbox.
Installing the skill will add local Node packages and a browser runtime.
The setup script installs npm dependencies and downloads Playwright Chromium. That is normal for this renderer, but it is an external dependency/download surface.
npm --prefix "${SCRIPT_DIR}" ci ... npx --prefix "${SCRIPT_DIR}" playwright install chromium
Run setup only from a trusted source, avoid elevated privileges, and review package.json/package-lock.json if supply-chain risk matters.
