ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Adobe Automator

v1.1.2

Automate Photoshop, Illustrator, InDesign, Premiere Pro, and After Effects using ExtendScript (ES3) scripts executed via a cross-platform bridge.

0· 1.1k·3 current·3 all-time
by@abdul-karim-mia

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for abdul-karim-mia/adobe-automator.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Adobe Automator" (abdul-karim-mia/adobe-automator) from ClawHub.
Skill page: https://clawhub.ai/abdul-karim-mia/adobe-automator
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install adobe-automator

ClawHub CLI

Package manager switcher

npx clawhub@latest install adobe-automator
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: the skill accepts a target Adobe app and a JSX script, writes the script to a temp file, and invokes cscript (Windows) or osascript (macOS) to run it. No unrelated binaries, env vars, or external services are requested.
Instruction Scope
The SKILL.md and handler explicitly allow execution of arbitrary ExtendScript (ES3). That is necessary for the stated automation purpose, but ExtendScript has unrestricted filesystem access and can perform destructive or exfiltrative actions. The skill relies on the user/agent to inspect/validate scripts rather than enforcing any sandboxing or whitelisting.
Install Mechanism
No install spec — instruction-only with a small handler.js. The handler uses only standard Node.js APIs (fs, child_process, os) and spawns built-in platform script hosts. There are no downloads, external installers, or archive extraction steps.
Credentials
The skill declares no required environment variables, credentials, or config paths. It does not request unrelated secrets or system config access beyond writing temporary files and invoking system script hosts, which is proportional to its purpose.
Persistence & Privilege
always is false and model invocation is allowed by default. The skill does not modify other skills or system-wide agent settings and does not request persistent presence or elevated privileges beyond normal runtime behavior.
Assessment
This skill honestly implements an ExtendScript bridge for Adobe apps and therefore must be able to run arbitrary JSX — which has full ExtendScript filesystem access. That is coherent with the stated purpose but is high-risk: only run scripts you or a trusted party have reviewed. Practical mitigations: (1) never paste or run scripts from unknown sources; (2) run automation on an isolated machine or VM that does not contain sensitive data; (3) restrict filesystem permissions for the user account that runs Adobe; (4) maintain an allowlist of vetted scripts or require signed scripts; (5) log invocations and inspect temporary files if something looks suspicious; (6) be aware temporary files are written to the OS temp directory and the handler attempts to delete them but may leave remnants if execution fails. If you need automatic/scripted automation in an environment with sensitive data, consider additional sandboxing or a review policy before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bdwy6dh22h1zj1zgr4g6by1814xsr
1.1kdownloads
0stars
3versions
Updated 3h ago
v1.1.2
MIT-0
@abdul-karim-mia
latest
Download

Adobe Master Automator (v1.1.2)

A generalized skill for automating multiple Adobe applications using a cross-platform ExtendScript bridge.

Supported Applications

  • Photoshop
  • Illustrator
  • InDesign
  • Premiere Pro
  • After Effects

Commands

runScript

Executes raw ExtendScript (ES3) in the target application.

Parameters:

  • app: Target application (photoshop, illustrator, indesign, premiere, aftereffects).
  • script: The JSX code to execute.

🛠 AI Protocol

1. Technical Constraints

  • ES3 Syntax Only: Adobe apps use the ExtendScript (ES3) engine. Avoid modern JS features.
  • Target App Availability: Ensure the target application is installed and running (or able to launch) on the host system.

2. Security & Side Effects

[!CAUTION] High Risk Capability: The runScript command accepts and executes arbitrary ExtendScript (JSX) code. Attempting to restrict this would break the skill's core purpose, but users must be aware of the implications.

  • Filesystem Access: The Adobe ExtendScript engine has unrestricted access to the host filesystem via the File and Folder objects.
  • Untrusted Scripts: ❌ NEVER execute scripts from untrusted sources. A malicious script could delete files, exfiltrate data, or install persistent malware.
  • Verification: Always inspect the script parameter payload before allowing execution.

Setup

The skill automatically detects your operating system and routes commands to the appropriate application.

  • Windows: Uses built-in cscript (Windows Script Host).
  • macOS: Uses built-in osascript (AppleScript).

Developed for the OpenClaw community by Abdul Karim Mia.

Comments

Loading comments...