briefing-visualizer: Briefing to Mobile Long Image

Pass

Audited by VirusTotal on May 9, 2026.

Overview

Type: OpenClaw Skill
Name: briefing-visualizer
Version: 1.0.0

The skill bundle is designed to convert structured text briefings into mobile-optimized long images. The core logic in 'process_briefing.py' uses subprocess to invoke a local Chrome/Chromium instance for headless rendering and the PIL library for image stitching and cropping, which aligns perfectly with the stated purpose. No evidence of data exfiltration, persistence, or malicious prompt injection was found in the code or documentation.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a user processes arbitrary or malicious HTML, that page may run in a less-isolated browser process during screenshot generation.

Why it was flagged

The script launches a local Chrome process to render a file:// HTML page. This is central to the screenshot purpose, but disabling the browser sandbox reduces isolation if the HTML contains untrusted script content.

Skill content

"--headless", "--disable-gpu", "--no-sandbox", ... "file://" + os.path.abspath(html_path),

Recommendation

Use trusted or sanitized HTML, escape user/fetched text before inserting it into templates, and consider removing --no-sandbox unless it is strictly required in the target environment.

What this means

The skill may fail until local dependencies are installed, and users may need to obtain those dependencies outside the declared install flow.

Why it was flagged

The script requires Pillow/PIL and a local Chrome or Chromium installation, while the provided registry metadata declares no required binaries and there is no install spec.

Skill content

from PIL import Image ... raise FileNotFoundError("未找到 Chrome,请安装 Google Chrome 或配置 CHROME 路径")

Recommendation

Declare Chrome/Chromium and Pillow requirements clearly, and install any missing dependencies only from trusted sources.