ClawHub

ImageCompress

v1.0.1

Compress PNG, JPEG, WebP images using TinyPNG/Tinify free web API. No API key required, no login needed. Supports single/batch/directory compression with aut...

0· 40·0 current·0 all-time
by@aga-j·duplicate of @aga-j/imgae-compress
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (compress images via TinyPNG web endpoint) match the code and declared requirements: python3 and the requests package. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md and the script confine actions to reading image files and performing POST/GET requests to tinypng.com or tinify.cn. The script explicitly spoofs User-Agent and X-Forwarded-For headers and uses randomized tokens to avoid rate-limiting — this is within the stated goal (avoid rate limiting) but is also an evasion technique that may violate Tinypng's terms of service or be viewed as abusive. The README warns about using the web frontend rather than the official API.
Install Mechanism
Install spec only pulls the Python 'requests' package. No downloads from unknown URLs or archive extraction. The listed installer kind is 'uv' (registry metadata) — this appears to map to installing the requests package and is proportionate for a Python script.
Credentials
No environment variables, secrets, or credentials are requested. The script requires network access to tinypng/tinify domains only. This is proportional to the skill's purpose.
Persistence & Privilege
Skill is user-invocable, not always-enabled, and does not request elevated or persistent system privileges. It does not modify other skills or system-wide configs.
Assessment
This skill is coherent with its description, but note two operational risks before installing: 1) Images are uploaded to TinyPNG/Tinify servers — do not upload sensitive or private images. The script also intentionally spoofs User-Agent and X-Forwarded-For to reduce rate-limiting; while effective for reliability, that behavior can violate the service's terms or be considered abusive. If you expect heavy/bulk usage, prefer registering for TinyPNG's official API (uses an API key) to avoid misuse and potential blocking. Finally, verify you trust the skill source before executing scripts that will upload your files to the network.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d6j3p5k8a1z0y3td20602v584533k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🗜️ Clawdis
Binspython3

Install

uvuv tool install requests

Comments