ClawHub

marknative

v1.0.0

Render Markdown into paginated PNG/SVG without a browser using marknative.

0· 61·0 current·0 all-time
by@twoface2014
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the SKILL.md and README examples. The instructions specifically call out installing and importing an npm package ('marknative') and mention 'skia-canvas' as the rendering backend — these are consistent with a Markdown→image renderer.
Instruction Scope
SKILL.md only instructs the agent to check for or install npm packages and shows example code that reads a Markdown string and writes image files. It does not ask the agent to read unrelated files, access credentials, or transmit data to external endpoints beyond using npm to fetch the library.
Install Mechanism
There is no formal install spec in the registry; the SKILL.md suggests running 'npm install marknative'. Installing from npm is expected for this task but carries the usual npm risks: package install scripts can run arbitrary code and 'skia-canvas' may trigger native builds requiring system libraries. This is not incoherent, but users should be aware of the standard npm installation risks.
Credentials
The skill declares no required environment variables, credentials, or config paths and the instructions do not reference any secrets. The absence of requested credentials is proportionate to the stated function.
Persistence & Privilege
Skill flags show no forced 'always' inclusion and default agent invocation settings. The skill does not request persistent system-level changes or modify other skills' configs.
Assessment
This skill is internally coherent: it tells you to install an npm package and shows how to render Markdown to images. Before installing or running its commands, verify the npm package source and version (pin a specific version), review the package's install scripts and repository if possible, and run npm installs in a controlled environment (container or sandbox) because npm packages — and native deps like skia-canvas — can execute code during install and require system libraries to build.

Like a lobster shell, security has layers — review code before you run it.

latestvk972afmh2gt3nkjvf32hp5ftah843mr6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments