
One-Click Project Promo Page and Long Screenshot Generator

by kunyashaw · GitHub ↗ · v0.1.3 · MIT-0
cross-platform ⚠ suspicious
313 Downloads · 0 Stars · 0 Active Installs · 3 Versions
Install in OpenClaw
/install project-intro-generator
Description
Generates a project introduction page in one click, with support for local editing and long-image export.
Usage Guidance
This skill appears to implement exactly the advertised features, but it has a concrete security flaw you should consider before installing or running it on sensitive hosts: src/git.js uses execSync(`git clone --depth 1 ${gitUrl} ...`) with the gitUrl interpolated directly into a shell command, which can allow command injection if a malicious git URL is provided.

Recommendations:
- Do not run this skill with access to sensitive files or credentials unless you audit/mitigate the code first.
- If you need git clone support, prefer running it only with trusted repository URLs, or modify the code to use a spawn variant with an args array (no shell) or a safe git library.
- Run the skill in an isolated environment (container, VM) if you will pass untrusted git URLs or project paths.
- Be aware the generated HTML loads html2canvas from jsdelivr; if you edit/open the generated page in a browser, that remote script will run. If your threat model excludes remote scripts, remove/host that dependency locally.
- If you are not comfortable reviewing or patching the code, test the skill on non-sensitive sample projects only.
Capability Analysis
Type: OpenClaw Skill
Name: project-intro-generator
Version: 0.1.3

The skill bundle contains a command injection vulnerability in `src/git.js`, where the `gitUrl` parameter is passed directly to `execSync` without sanitization. Additionally, `src/image.js` utilizes `playwright` to render HTML and capture screenshots, which presents a risk of local file disclosure or SSRF if the input paths or URLs are not strictly controlled. While these are high-risk vulnerabilities that could lead to Remote Code Execution (RCE), the extensive logic for project analysis and dependency mapping suggests a legitimate utility rather than intentional malware.
Capability Assessment
Purpose & Capability
Name/description match behavior: the code scans local project directories, parses dependencies/README, renders an editable HTML and can export a long PNG via Playwright. Required capabilities (filesystem access, optional git clone, optional playwright) are coherent with the stated purpose.
Instruction Scope
Runtime instructions accept an absolute project path or a git URL and then scan the entire project tree. Scanning local files is necessary for the feature, but the implementation executes shell git clone via child_process.execSync with the user-supplied gitUrl interpolated directly into the command string — this allows command injection if an attacker can control the gitUrl. Also the generated HTML loads html2canvas from jsdelivr (external CDN) which can execute remote JS in the browser/editor context.
Install Mechanism
No platform install spec (instruction-only skill) — lower risk from install scripts. The package.json lists marked and optional playwright; using playwright will require installing it (and its browsers) locally. The public html2canvas loader injects a script from jsdelivr at runtime (remote dependency that could be tampered with); this is expected for screenshot/export functionality but worth noting.
Credentials
The skill requests no environment variables or credentials. It only needs filesystem access and (optionally) network access for git/GitHub and to fetch external resources — these are proportionate to its purpose.
Persistence & Privilege
always:false and no special persistence or cross-skill config modifications. The skill does not request elevated platform privileges in its metadata.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install project-intro-generator
  3. After installation, invoke the skill by name or use /project-intro-generator
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.3
- Updated version to 0.1.2 in SKILL.md.
- Reformatted and reorganized SKILL.md for improved clarity.
- Moved installation tip and demo video up in the documentation.
- Minor adjustments to formatting and list descriptions in usage and feature sections.
- No code changes detected; documentation only.
v0.1.1
- Added installation hint for ClawHub at the top of the documentation.
- Included a GitHub repository link for easier access to the project source.
- No functional or code changes introduced in this version.
v0.1.0
Initial release of project-intro-generator:
- Generates editable project introduction pages from local directories. Automatically generates a project promo page from the project directory (content and theme can be customized).
- Supports long image (PNG) export from HTML via Playwright. Supports long screenshots.
- CLI commands for generation and image export. (Can be operated directly via the CLI.)
- Prioritizes README for content, parses common package managers.
- Supports multiple visual themes and project overview statistics. Supports multiple themes.
Metadata
Slug project-intro-generator
Version 0.1.3
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

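What is One-Click Project Promo Page and Long Screenshot Generator?

Generates a project introduction page in one click, with support for local editing and long-image export. It is an AI Agent Skill for Claude Code / OpenClaw, with 313 downloads so far.

How do I install One-Click Project Promo Page and Long Screenshot Generator?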

Run "/install project-intro-generator" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

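Is One-Click Project Promo Page and Long Screenshot Generator free?

Yes, One-Click Project Promo Page and Long Screenshot Generator is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does One-Click Project Promo Page and Long Screenshot Generator support?

One-Click Project Promo Page and Long Screenshot Generator is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created One-Click Project Promo Page and Long Screenshot Generator?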

It is built and maintained by kunyashaw (@kunyashaw); the current version is v0.1.3.
