← Back to Skills Marketplace
nowhere1975

MD to Mobile Image

by nowhere1975 · GitHub ↗ · v2.0.0 · MIT-0
cross-platform ⚠ suspicious
155
Downloads
0
Stars
0
Active Installs
5
Versions
Install in OpenClaw
/install md-to-image
Description
Convert Markdown files into high-contrast, mobile-friendly PNG images optimized for Telegram and social media sharing.
Usage Guidance
This tool appears to do what it says, but take these precautions before installing or running it: - Verify and fix the dependency mismatch: Playwright is required at runtime but not listed in package.json. Ask the author to add playwright (and ideally a clear install section) or install Playwright yourself and its browsers before running. - Prefer installing packages from an official registry. The package-lock references registry.npmmirror.com; confirm you trust that mirror or regenerate a lockfile using the official npm registry. - Treat input markdown as potentially untrusted: marked allows raw HTML, and the code loads the produced HTML into a real browser which will fetch and execute external resources. If you will convert untrusted markdown, run the tool in a network-isolated sandbox or modify the code to sanitize HTML (disable raw HTML in marked or run a sanitizer) and/or disable network access in Playwright. - Because Playwright launches Chromium, run the tool on a machine where installing large browser binaries is acceptable and sandboxed. If you want to proceed, ask the author for an updated package.json including playwright, clear install steps, and a note about network behavior; otherwise run the script in an isolated environment or container to limit exposure.
Capability Analysis
Type: OpenClaw Skill Name: md-to-image Version: 2.0.0 The skill bundle provides a utility to convert Markdown files into images using Playwright and marked.js. However, the implementation in `md-to-image.js` lacks input sanitization when converting Markdown to HTML and rendering it via `page.setContent()`. This vulnerability could allow for local file disclosure (LFI) or SSRF if the agent is tasked with processing a maliciously crafted Markdown file. Per the evaluation criteria, the lack of input sanitization in a high-risk execution context (headless browser) warrants a suspicious classification.
Capability Assessment
Purpose & Capability
The script implements the described feature (marked → HTML → Playwright screenshot) and writes PNGs to /tmp as expected. However the SKILL.md and code require Playwright at runtime while package.json does not list playwright as a dependency — that mismatch means installation instructions are incomplete and the tool will fail unless Playwright is installed separately. package-lock entries resolve via registry.npmmirror.com (a mirror) rather than the official npm registry, which is unusual and worth verifying.
Instruction Scope
SKILL.md instructs running the CLI against a Markdown file; the implementation reads only the provided file and writes to /tmp. But the code uses marked (which by default allows raw HTML) and then does page.setContent(..., {waitUntil: 'networkidle'}) in Playwright. That will cause the headless browser to load/execute any external resources referenced in the generated HTML (images, fonts, scripts). If the Markdown contains embedded HTML or remote resources, the page can make outbound network requests. This is scope creep relative to a purely offline conversion and could expose your environment's IP to remote hosts or cause other network activity. There is no explicit sanitization of HTML in the code.
Install Mechanism
No install spec is provided. package.json declares only marked and highlight.js, but the runtime requires playright/chromium which is large and platform-specific and typically needs its own install step. The package-lock resolves packages from registry.npmmirror.com (a third-party mirror) — not inherently malicious but atypical; installation behavior is unspecified and may require manual steps (installing Playwright and browsers).
Credentials
The skill requests no environment variables, credentials, or config paths. The filesystem access is limited to reading the user-provided markdown file and writing output PNG(s) to /tmp/md-to-img, which is proportionate to its purpose.
Persistence & Privilege
always: false and no indication the skill persists or modifies other agent/system settings. It creates a local temporary output directory (/tmp/md-to-img) for results, which is normal for a CLI utility.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install md-to-image
  3. After installation, invoke the skill by name or use /md-to-image
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.0
No significant changes in this version. - No file changes detected. - Documentation, usage instructions, and technical details remain the same.
v1.1.0
No changes detected in this version. - The SKILL.md content remains unchanged from the previous version. - No file changes were identified.
v1.0.2
Version 1.0.2 of md-to-image - No file changes detected in this release. - Documentation and usage remain unchanged.
v1.0.1
- No changes detected in this version. - Documentation and functionality remain unchanged.
v1.0.0
Initial release of md-to-image. - Convert Markdown files into visually appealing mobile-optimized long PNG images. - Output images at 1080px width, auto height, with high-contrast, large font on white background. - Ensures clarity even after compression on platforms like Telegram. - Usage: md-to-image <md文件路径> - Built with Node.js, Playwright, marked.js, and highlight.js.
Metadata
Slug md-to-image
Version 2.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 5
Frequently Asked Questions

What is MD to Mobile Image?

Convert Markdown files into high-contrast, mobile-friendly PNG images optimized for Telegram and social media sharing. It is an AI Agent Skill for Claude Code / OpenClaw, with 155 downloads so far.

How do I install MD to Mobile Image?

Run "/install md-to-image" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is MD to Mobile Image free?

Yes, MD to Mobile Image is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does MD to Mobile Image support?

MD to Mobile Image is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created MD to Mobile Image?

It is built and maintained by nowhere1975 (@nowhere1975); the current version is v2.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments