← 返回 Skills 市场
520mianxiangduixiang520

md2img

作者 JuneBao · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
138
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install md2img
功能描述
Convert Markdown (inline text or a `.md` file path) into a single PNG image using local code (Markdown -> HTML -> headless browser screenshot). Use when the...
安全使用建议
This skill appears coherent for converting Markdown to a single PNG, but consider the following before installing or running it: (1) The script will fetch remote images referenced in the Markdown (HTTP(S) GETs with a custom User-Agent) and will read local image files referenced by paths in the Markdown — so embedding attacker-controlled URLs will cause outbound requests that reveal your machine's IP to those hosts. (2) The SKILL.md recommends installing playwright and running `playwright install chromium`, which will download Chromium — perform this in a sandboxed environment or VM if you are cautious. (3) If `bleach` is not installed the script falls back to a weaker regex-based sanitizer; for safer handling of untrusted Markdown, install bleach. (4) Avoid running this with elevated privileges and don't point it at Markdown that references sensitive local files you don't want read. If these behaviors are acceptable, the skill is coherent and usable.
功能分析
Type: OpenClaw Skill Name: md2img Version: 1.0.0 The skill provides Markdown-to-PNG conversion but contains a significant vulnerability in `scripts/md_to_png.py`. The `_inline_images_in_html` function allows reading and inlining arbitrary local files (LFI) and making outbound HTTP requests (SSRF) via the `src` attribute of `<img>` tags. Specifically, it explicitly resolves absolute filesystem paths (e.g., `/etc/passwd`), which could be exploited to exfiltrate sensitive system data by rendering it into the output image. While the script uses the `bleach` library for HTML sanitization, the subsequent image processing logic bypasses protocol restrictions for local file access.
能力评估
Purpose & Capability
The name/description (Markdown -> PNG via local headless browser) aligns with the included script and SKILL.md. Required binary is only python3 (declared) and the script performs Markdown->HTML->screenshot as described.
Instruction Scope
SKILL.md and the script are consistent: inline Markdown is written to a temp file, .md file inputs are used directly, output path handling and single fullPage PNG behavior are enforced. The script will read local files referenced by <img src=...> (absolute or relative) and will perform HTTP(S) GETs to inline remote images. These network/local-file reads are coherent with the stated 'inline images as base64' behavior but are notable for privacy/exfiltration considerations (remote image hosts receive GETs).
Install Mechanism
This is an instruction-only skill (no automated install steps). The SKILL.md instructs creating a Python virtualenv and installing packages (markdown, bleach, pygments, playwright) and running `playwright install chromium`. Those are reasonable for the stated functionality but will download third-party packages and Chromium when followed.
Credentials
No environment variables, credentials, or config paths are requested. The script accesses local filesystem paths referenced by the user-provided .md (expected) and may read image files referenced in the Markdown. No unrelated credentials or secrets are requested.
Persistence & Privilege
always is false and the skill doesn't request persistent/privileged presence. It does not modify other skills or system-wide configuration. The runtime behavior (creating/removing a temp dir for inline input) is documented.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install md2img
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /md2img 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of md2img. - Converts Markdown (inline text or `.md` file path) to a single PNG image using a headless browser. - Supports both inline Markdown text and file path inputs. - Ensures output is always a single PNG file to a user-specified path or default filename. - Optional mobile-friendly rendering via adjustable image width. - Basic dark mode support using system/browser preferences.
元数据
Slug md2img
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

md2img 是什么?

Convert Markdown (inline text or a `.md` file path) into a single PNG image using local code (Markdown -> HTML -> headless browser screenshot). Use when the... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 138 次。

如何安装 md2img?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install md2img」即可一键安装,无需额外配置。

md2img 是免费的吗?

是的,md2img 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

md2img 支持哪些平台?

md2img 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 md2img?

由 JuneBao(@520mianxiangduixiang520)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论