exam-rescue-html

Pass

Audited by ClawScan on May 12, 2026.

Overview

This skill coherently generates local exam-review HTML files, with only normal transparency and content-handling cautions.

This appears safe for its stated purpose. Install it if you are comfortable with it reading your exam-session and knowledge-base notes, creating local JSON/HTML files, and loading KaTeX from a CDN when the HTML is opened. Review the final HTML for accuracy before relying on it for exam preparation.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill may generate or overwrite its output without extra prompts and may not clearly explain every fallback.

Why it was flagged

The skill intentionally favors silent, no-confirm execution. That matches the zero-wait goal, but users may not see some failures or fallback behavior.

Skill content

**Do not ask for confirmation to proceed.** ... **All errors are silent fallback.** Handle problems silently; do not expose them to the user.

Recommendation

Use it in the intended exam workspace and review the generated HTML if accuracy or overwrite behavior matters.

What this means

Incorrect or unwanted content in the source knowledge base can be carried into the final review sheet.

Why it was flagged

The skill reuses retrieved knowledge-base content and persists summarized/generated results. This is expected for the purpose, but it depends on the trustworthiness of the source notes.

Skill content

Call the knowledge-base skill's note_retrieve interface to retrieve the original text ... write to .exam-session/rescue_notes.json

Recommendation

Keep the knowledge map and source notes trustworthy, and check the generated review sheet before relying on it.

What this means

Opening the generated HTML may contact a CDN and run third-party JavaScript for formula rendering.

Why it was flagged

The generated HTML loads KaTeX assets from the unpkg CDN. The version is pinned and purpose-aligned for math rendering, but the output depends on a third-party remote script when opened.

Skill content

<script defer src="https://unpkg.com/katex@0.16.9/dist/katex.min.js"></script>

Recommendation

If offline use or strict privacy is important, replace CDN resources with local KaTeX files or add integrity controls.

What this means

If source notes contain raw HTML-like text, it could be rendered as markup in the generated file rather than plain text.

Why it was flagged

The instructions place generated or retrieved text into HTML fields. This is necessary for the feature, but the artifacts do not explicitly require HTML escaping for unusual source content.

Skill content

<div class="formula-name">{name}</div> ... <div class="formula-body">{formula}</div> ... <div class="hotspot-note">{core_note}</div>

Recommendation

Escape user- or note-derived text before inserting it into HTML, except where trusted LaTeX/math formatting is intentionally allowed.