ClawHub
Back to skill
v1.1.0

Table2Image

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:31 AM.

Analysis

Table2Image appears purpose-aligned for converting tables to PNGs, with the main thing to notice being that installation downloads Playwright/Chromium and rendering launches a local headless browser.

GuidanceThis looks safe for its stated purpose. Before installing, be comfortable with npm installing dependencies and Playwright downloading Chromium, and remember that any table data you render may become an image intended for sharing on chat platforms.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
package.json
"postinstall": "npx playwright install chromium", "dependencies": { "playwright": "^1.58.2" }

Installing the package can automatically invoke Playwright to download Chromium. This is purpose-aligned for browser-based image rendering and is disclosed in the skill documentation, but it expands the install-time trust boundary to npm, Playwright, and the browser download.

User impactInstalling the skill may download a large browser component and run package-manager setup code on the local machine.
RecommendationInstall only in an environment where npm package installs and Playwright Chromium downloads are acceptable; verify the package source if supply-chain provenance matters.
Unexpected Code Execution
SeverityLowConfidenceHighStatusNote
scripts/index.js
browserPromise = chromium.launch({
    headless: true
  });

The renderer launches a local headless Chromium browser to generate PNG screenshots. This is expected for the stated Playwright-based table rendering purpose, but it is still local executable/browser activity.

User impactRendering tables uses local CPU/memory and starts a headless browser process during use.
RecommendationUse the skill where running a local headless browser is acceptable, and avoid feeding it data that should not be rendered into shareable images.