ClawHub

Table2Image

v1.1.0

Convert markdown tables and JSON data to PNG images. Perfect for Discord, Telegram, and other platforms where markdown tables render poorly. Use when Claude...

1· 142·0 current·0 all-time
byumrjs@umrzcz-831
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (table→image for chat platforms) align with included code (rendering API, CLI, themes) and dependencies (playwright/chromium) — these are expected for pixel-perfect font/emoji rendering.
Instruction Scope
SKILL.md instructs npm install and playwright chromium download and documents CLI and programmatic APIs. Runtime actions (reading JSON files, generating PNGs, reusing a browser) match the stated purpose and do not reference unrelated files, env vars, or external endpoints.
Install Mechanism
No install spec in registry, but SKILL.md and package.json require npm install and npx playwright install chromium (downloads ~100MB). Playwright is fetched from npm (package-lock references official registry). The network download of Chromium is expected but worth noting.
Credentials
The skill requests no environment variables or external credentials. CLI/API read local files (data/theme files) only — proportional to the task.
Persistence & Privilege
No always:true, no modifications to other skills or global agent settings. The skill launches a local headless browser instance and cleans up on exit — behaviour is scoped to its own runtime.
Assessment
This skill appears coherent and implements exactly what it claims: converting tables/JSON to PNGs using Playwright + Chromium. Before installing, note: (1) npm install will pull Playwright from the public registry and npx playwright install chromium will download a ~100MB browser binary — allow network for the first run; (2) the package executes only local file reads/writes and spawns a headless Chromium process (no hidden network endpoints were found), but running third‑party code always carries risk — review the scripts (already included) or run in a sandbox if you don't trust the publisher; (3) when using the programmatic API, be cautious passing untrusted formatter functions or code that could run in your environment. If you need tighter controls, run this on an isolated runner or inspect/lock dependencies before deployment.

Like a lobster shell, security has layers — review code before you run it.

latestvk9792jgx3pgw3d5smrteacvd6984hx82

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments