扫描报告
5 /100
html-to-pdf
Convert HTML files and URLs to PDF using Puppeteer
A legitimate HTML-to-PDF conversion tool using Puppeteer with no malicious behavior, obfuscation, or undeclared capabilities.
可以安装
This skill is safe to use. No security concerns identified.
安全发现 2 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Browser resource not declared in SKILL.md 文档欺骗 | scripts/html-to-pdf.js:17 |
| 低危 | Dependency puppeteer not version-pinned 供应链 | SKILL.md:64 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | WRITE | WRITE | ✓ 一致 | scripts/html-to-pdf.js:36 - path.resolve() for input; writes PDF output |
| 网络访问 | READ | READ | ✓ 一致 | scripts/html-to-pdf.js:28 - page.goto() for URL conversion; declared in SKILL.md… |
| 命令执行 | NONE | NONE | — | No subprocess, exec, or shell command execution in implementation |
| 环境变量 | NONE | NONE | — | No os.environ access or environment variable iteration |
| 浏览器 | NONE | READ | ✓ 一致 | scripts/html-to-pdf.js:17 - puppeteer.launch() spawns browser; should be declare… |
目录结构
4 文件 · 7.4 KB · 285 行 Markdown 3f · 217L
JavaScript 1f · 68L
├─
▾
references
│ ├─
api.md
Markdown
│ └─
setup.md
Markdown
├─
▾
scripts
│ └─
html-to-pdf.js
JavaScript
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
puppeteer | * | npm | 否 | Version not pinned in installation instructions |
安全亮点
✓ No obfuscation, base64 encoding, or anti-analysis patterns detected
✓ No credential harvesting or sensitive file/path access
✓ No data exfiltration or external IP communication beyond the declared URL conversion feature
✓ No reverse shell, C2, or persistence mechanisms
✓ Code is clean, readable, and straightforward
✓ SKILL.md documentation accurately describes all core capabilities
✓ No hidden instructions or prompt injection vectors
✓ Error handling uses standard practices without suspicious behaviors