Sprite Animator

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill appears to do what it advertises, but users should know it runs an external package, uses a Gemini API key, and sends input images to Gemini.

Before installing or running this skill, confirm that you trust the `sprite-animator` package being fetched by `uv`, consider pinning the package version, use a limited Gemini API key, and only provide images you are comfortable sending to Gemini.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The external package code will run locally and may access the provided image, output path, and Gemini API key.

Why it was flagged

The skill relies on a runtime-fetched external package rather than bundled reviewed code, and the example does not pin a package version. This is purpose-aligned, but users should verify the package source/version.

Skill content

uv run --with sprite-animator sprite-animator -i photo.png -o sprite.gif -a wave

Recommendation

Use a trusted, pinned version of the package where possible, and verify that the package source matches the advertised project before running it.

What this means

A misconfigured or over-privileged key could allow unintended Gemini API usage or costs.

Why it was flagged

The skill requires a Gemini API key, which is expected for Gemini-based image generation but still grants access to billable provider API usage.

Skill content

"requires": { "bins": ["uv"], "env": ["GEMINI_API_KEY"] }, "primaryEnv": "GEMINI_API_KEY"

Recommendation

Use a dedicated Gemini API key with the minimum needed permissions or quota limits, and avoid sharing it in logs or prompts.

What this means

Any image supplied to the skill may be transmitted to Gemini for processing.

Why it was flagged

The skill discloses that the user's source image is sent to an external AI provider. This is aligned with the stated purpose but is a privacy-relevant data flow.

Skill content

Sends the template + source image to Gemini in ONE request

Recommendation

Avoid using sensitive, private, or confidential images unless you are comfortable with Gemini processing them under its applicable terms.