Background Remover Claw Skill
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a straightforward Neta/TalesofAI image background-removal wrapper, but it requires a Neta token and sends prompts or image references to that external API.
This skill looks safe for its stated purpose if you trust Neta/TalesofAI and the skill publisher. Use a limited or revocable Neta token, avoid pasting tokens into shared logs or transcripts, and do not submit sensitive prompts or private image references unless you are comfortable with that external service processing them.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing users must provide a Neta token, which lets the skill create and poll image tasks under that Neta account.
The skill uses a user-supplied Neta credential to call the image API. This is expected for the stated service, but it is privileged account access and the registry metadata did not list a primary credential.
Requires a Neta API token... node <script> "your prompt" --token "$NETA_TOKEN"
Use a dedicated or revocable Neta token, avoid sharing command lines or logs containing the token, and revoke the token if you stop using the skill.
Your prompt, optional reference image UUID, task IDs, and generated image information are processed by the external Neta/TalesofAI service.
The code sends the user's prompt and token-bearing headers to the external TalesofAI API. This is purpose-aligned, but users should understand that prompt and image-task data leave the local environment.
rawPrompt: [{ type: "freetext", value: prompt, weight: 1 }], ... fetch("https://api.talesofai.cn/v3/make_image", { method: "POST", headers, body: JSON.stringify(body) })Do not submit sensitive prompts or private image references unless you trust the provider and its data-handling terms.
You have less provenance context for deciding whether to trust the skill publisher or future updates.
The artifact metadata does not establish a clear upstream source or homepage. The included package has no dependencies or install scripts, so this is a provenance note rather than a behavior concern.
Source: unknown Homepage: none
Review the included source and install only from a source or publisher you trust.