by 安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill is instruction-only and simply documents how to use your local Chrome/Chromium to capture screenshots of HTML. Before installing/use: (1) ensure Chrome/Chromium is installed on the machine where the agent will run (SKILL.md assumes it but the metadata didn't list it); (2) confirm the CHROME_PATH you want to use (the doc mentions it but doesn't declare it as required); (3) be careful what HTML files you pass—the command reads local file:/// paths, so avoid handing it sensitive files; (...详细分析 ▾
ℹ 用途与能力
The skill's name/description (HTML→PNG via Chrome headless) matches the runtime instructions. Minor mismatch: the skill metadata declares no required binaries, but the instructions clearly require a local Chrome/Chromium binary to be installed.
✓ 指令范围
SKILL.md stays on-topic: it tells the agent how to build HTML/CSS and run Chrome headless against a local file URL. It does not request unrelated files, credentials, or network exfiltration; it only references a local file path and an optional CHROME_PATH override.
✓ 安装机制
There is no install spec (instruction-only), so nothing is downloaded or written by the skill itself — this is the lowest-risk install model and matches the content.
ℹ 凭证需求
The skill requests no credentials and no config paths. SKILL.md mentions an optional CHROME_PATH environment variable (not declared in the metadata) and suggests installing fonts on Linux; both are reasonable but the CHROME_PATH mention is a slight metadata omission.
✓ 持久化与权限
always is false and the skill does not request permanent presence or modify other skills/config. The default ability for the agent to invoke the skill autonomously is unchanged and is not concerning here given the skill's narrow scope.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.12026/3/4
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install lh-html-to-image
镜像加速npx clawhub@latest install lh-html-to-image --registry https://cn.longxiaskill.com