TeX Render

Pass. Audited by ClawScan on May 10, 2026.

Overview

This appears to be a disclosed local LaTeX-to-image renderer, with cautions around automatic rendering, npm dependencies, and local file output.

Before installing, make sure you want LaTeX in replies to be automatically rendered and sent as images. Run npm install only if you trust the listed npm dependencies, and remember that generated images are saved locally under ~/.openclaw/media/tex-render unless another output path is used.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If enabled, the agent may send equations as images instead of raw LaTeX even when the user did not explicitly ask for rendering.

Why it was flagged

The skill changes the agent's response behavior by automatically rendering and sending images whenever LaTeX would appear.

Skill content

the agent will **automatically** render any LaTeX in its replies as images and send them in order—without asking for permission

Recommendation

Enable this skill only if automatic LaTeX-to-image rendering is desired; disable it when raw LaTeX or per-use confirmation is preferred.

What this means

Installing the skill requires trusting the npm dependency chain and whatever compatible dependency versions npm resolves at install time.

Why it was flagged

The skill depends on npm packages with semver ranges rather than fully pinned versions; sharp is also a native image-processing dependency.

Skill content

"dependencies": { "@svg-fns/svg2img": "^0.2.0", "mathjax": "^4.1.0", "sharp": "^0.34.5" }

Recommendation

Review dependencies before installing, and consider using a lockfile or pinned versions in higher-trust environments.

What this means

Running the validation script executes local code from the skill folder, which is expected for npm test but should still be done only after trusting the skill.

Why it was flagged

The static scan flagged child_process usage. In context, it invokes the current Node executable to run the skill's own render.js during validation tests.

Skill content

const result = spawnSync(process.execPath, args, {

Recommendation

Run npm test or validation commands only from the reviewed skill directory.

What this means

The skill will create persistent local image files, and custom output paths could overwrite files if used carelessly.

Why it was flagged

The renderer writes generated SVG and image files to the local filesystem by default, and the CLI also supports caller-provided output paths.

Skill content

const DEFAULT_OUTPUT_DIR = path.join(os.homedir(), '.openclaw', 'media', 'tex-render');

Recommendation

Use the default media directory or a trusted output directory, and avoid directing output to sensitive or protected paths.