Image To Relief Stl

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly matches its image-to-STL purpose, but its optional preview step can turn a crafted input filename into local Python code execution.

Use this only with trusted, simple filenames unless the preview code is fixed. The STL conversion itself is local and coherent, but avoid enabling SVG preview on files with unusual or externally supplied names, and be aware that the first run installs Pillow into a cached virtual environment.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent processes a maliciously crafted filename and preview generation is enabled, code could run locally under the user's account.

Why it was flagged

The unquoted heredoc expands the user-controlled input path directly into Python source code. A filename containing quotes or newlines could alter the Python code executed when --preview-svg is used.

Skill content

```sh
"$VENV/bin/python" - <<PY
from PIL import Image
img = Image.open("$IN").convert('RGBA')
...
mask.save("$TMPDIR/preview.pbm")
PY
```

Recommendation

Pass paths as arguments or environment variables to a quoted heredoc, for example `python - "$IN" "$TMPDIR/preview.pbm" <<'PY'`, then read them with `sys.argv`; avoid interpolating file paths into generated code.
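The recommended fix, written out as an added example rather than the skill's own code: the preview step passes both paths as Python arguments to a quoted heredoc, so the shell never expands them into the Python source. The function name `preview_paths` is assumed for this demonstration, and the Pillow calls are left as a comment so the script runs without Pillow.

```shell
# Added example: hardened preview step. Input and output paths travel as argv
# entries, and the quoted 'PY' delimiter stops "$IN"-style expansion.
preview_paths() {
  in_path="$1"
  out_path="$2"
  python3 - "$in_path" "$out_path" <<'PY'
import os
import sys

# sys.argv[0] is "-" (stdin script); the two paths follow as plain data.
in_path, out_path = sys.argv[1], sys.argv[2]
if not os.path.isfile(in_path):
    sys.exit("input image not found: %r" % in_path)
# The skill's Pillow pipeline would run here:
#   Image.open(in_path).convert('RGBA') ... mask.save(out_path)
# This demonstration only reports the paths back, so a caller can confirm that
# quotes and '$' in a filename arrive byte-for-byte instead of becoming code.
print(in_path)
print(out_path)
PY
}
```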

What this means

First use may fetch third-party code from the Python package ecosystem and keep it in a cached virtual environment.

Why it was flagged

The wrapper downloads and installs an unpinned Python package on first run. Pillow is purpose-aligned for image processing, but the dependency version and provenance are not pinned in the artifacts.

Skill content

```sh
python3 -m venv "$VENV"
"$VENV/bin/pip" install --upgrade pip >/dev/null
"$VENV/bin/pip" install pillow >/dev/null
```

Recommendation

Pin the Pillow version, declare the Python dependency in the skill metadata or installation instructions, and let users approve first-run dependency installation.