briefing-visualizer: Briefing to Mobile Long Image

Pass

Audited by ClawScan on May 9, 2026.

Overview

The skill coherently converts briefing text into a local mobile-format image, with minor cautions around local Chrome rendering and undeclared dependencies.

This appears safe for its stated local image-generation purpose. Before installing, confirm you are comfortable running a local Python script that launches Chrome, use trusted or sanitized briefing HTML, and make sure Chrome/Chromium and Pillow are installed from trusted sources.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a user processes arbitrary or malicious HTML, that page may run in a less-isolated browser process during screenshot generation.

Why it was flagged

The script launches a local Chrome process to render a file:// HTML page. This is central to the screenshot purpose, but disabling the browser sandbox reduces isolation if the HTML contains untrusted script content.

Skill content

"--headless", "--disable-gpu", "--no-sandbox", ... "file://" + os.path.abspath(html_path),

Recommendation

Use trusted or sanitized HTML, escape user/fetched text before inserting it into templates, and consider removing --no-sandbox unless it is strictly required in the target environment.

What this means

The skill may fail until local dependencies are installed, and users may need to obtain those dependencies outside the declared install flow.

Why it was flagged

The script requires Pillow/PIL and a local Chrome or Chromium installation, while the provided registry metadata declares no required binaries and there is no install spec.

Skill content

from PIL import Image ... raise FileNotFoundError("未找到 Chrome,请安装 Google Chrome 或配置 CHROME 路径")

Recommendation

Declare Chrome/Chromium and Pillow requirements clearly, and install any missing dependencies only from trusted sources.