Multi-panel Figure Assembler
v1.0.0Assemble 6 sub-figures (A–F) into a high-resolution composite figure with consistent labels, padding, and publication-ready DPI.
⭐ 0· 46·0 current·0 all-time
byAIpoch@aipoch-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description describe assembling 6 panels into a composite figure; the included Python scripts (Pillow + numpy) implement exactly that functionality. Declared dependencies and example commands match the stated purpose; there are no unrelated environment variables, binaries, or external service credentials requested.
Instruction Scope
SKILL.md enforces a strict hard gate (exactly 6 panels) and documents local-only behavior (file load, resizing, labeling, saving). It explicitly forbids path traversal and out-of-scope operations, gives clear error/fallback templates, and only references local file system operations and font paths; there are no instructions to call external endpoints or read unrelated system secrets.
Install Mechanism
No install spec is provided (instruction-only), which reduces supply-chain risk — the skill will run the packaged Python code. The SKILL.md recommends 'pip install Pillow numpy' (appropriate). Small packaging issues: requirements.txt lists both 'pil' and 'pillow' (the 'pil' entry is incorrect/redundant); this is a minor quality issue, not a coherence/security problem.
Credentials
The skill requests no environment variables, credentials, or config paths. The functionality (image assembly) does not require secrets or cloud credentials, so the lack of requested secrets is appropriate.
Persistence & Privilege
always: false and no special persistence is requested. The skill does not modify other skills or global agent settings. Autonomous invocation is allowed by platform default but is not combined with any broad privileges or secret access.
Scan Findings in Context
[audit_report_present] expected: The package includes an internal audit JSON (multi-panel-figure-assembler_audit_result_v4.json) reporting security PASS and correct behavior for example tests. This is consistent with the skill's purpose but is not a substitute for code review.
Assessment
This skill appears coherent and implements exactly what it claims: assembling six image panels into a composite using local Python code. Before running, consider these practical precautions: (1) Review the included scripts (scripts/main.py and scripts/example.py) yourself — they will execute on your machine. (2) Run in an isolated environment (virtualenv or container) and install dependencies (pip install Pillow numpy); note requirements.txt contains a redundant/incorrect 'pil' entry — install 'Pillow' instead. (3) Use python -m py_compile scripts/main.py and run the --help to confirm expected behavior; the SKILL.md already suggests these checks. (4) Verify font fallbacks and that input paths are correct; the code already rejects ../ traversal. (5) Do not run as root and avoid executing third-party code on sensitive hosts without review. If you want higher assurance, run the example outputs in a sandbox and inspect the saved images before using in production.Like a lobster shell, security has layers — review code before you run it.
latestvk9758r4sw6r4ham1se41qvn89h83w5zc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.