openclaw-visual

将 OpenClaw 中的信息（PhoenixClaw 日志、聊天记录、单条消息等）转换为精美排版的图片， 便于在聊天窗口（Telegram/Slack/Discord 等）中直接展示和分享。 Use when: - 用户要求将内容做成图片 ("帮我把这段话做成图片") - 用户要求生成日志可视化 ("生成今日日志分享图") - 用户要求将聊天记录可视化 ("把今天的对话做成总结图")

What to consider before installing: - Privacy: The skill's instructions explicitly read local files (~/PhoenixClaw/Journal/... and ~/.openclaw/sessions/*.jsonl). Those files may contain sensitive messages or personal data. If you don't want the skill to access those locations, avoid giving it filesystem access and instead pass content explicitly in the request. - Metadata mismatch: The skill metadata declares no required config paths, but the SKILL.md and docs expect specific files in your home directory. Treat that as a red flag — ask the author or inspect the code to confirm what will be read. - Dependencies: Installation uses npm packages from the public registry and optionally Playwright (large download + Chromium). Review package.json/package-lock and consider running npm install in a sandboxed environment (container/VM) and run npm audit before use. - Runtime flags: The renderer runs Chromium/Playwright with --no-sandbox which reduces process isolation; run in a controlled environment if you plan to generate untrusted HTML. - Minimizing risk: Instead of letting the skill auto-scan your session files, provide only the content you want rendered (JSON) to the script. If you must allow local file reads, inspect the code (scripts/generate-image.js and templates) yourself — there are no hidden network exfiltration endpoints in the included files, but npm packages execute code during install so verify them. - If unsure: run the skill in an isolated environment, avoid installing Playwright unless needed, and review or restrict access to ~/.openclaw and PhoenixClaw folders before enabling autonomous invocation.

Type: OpenClaw Skill Name: openclaw-visual Version: 0.0.1 This skill is classified as suspicious due to several critical security vulnerabilities. The `scripts/generate-image.js` script, which is central to the skill's functionality, explicitly launches headless browsers (Puppeteer/Playwright) with `--no-sandbox` and `--disable-setuid-sandbox` flags. This disables a fundamental security isolation mechanism, making the host system vulnerable to any exploits within the browser engine. Additionally, the script's reliance on command-line arguments for `--content` and `--output` creates a potential shell injection vector if the AI agent constructs these arguments from unsanitized user input. The skill also allows fetching images from user-provided `IMAGE_URL`s, posing a risk of Server-Side Request Forgery (SSRF). Finally, the `puppeteer` dependency (version 23.2.2) is marked as deprecated, indicating potential unpatched vulnerabilities in the browser itself. These issues, while not direct evidence of malicious intent within the skill's code, create a highly insecure environment.