v0.1.0

Tensorslab Image

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 7:10 AM.

Analysis

The skill mostly matches its image-generation purpose, but it includes watermark-removal and undetectable face-swap workflows and sends local images to TensorsLab using an API key, so it deserves review before use.

GuidanceReview this skill carefully before installing. It is appropriate if you want TensorsLab-based image generation/editing and are comfortable sending prompts and selected source images to that service. Be especially cautious with watermark removal and face replacement: use them only when you have rights and consent, and disclose edits where appropriate. Protect the `TENSORSLAB_API_KEY`, monitor credit usage, and install the Python dependency in a controlled environment.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation

SeverityMediumConfidenceHighStatusConcern

references/scenarios.md

Remove watermark from image... No text or logos should remain... The result should look natural and undetectable as an edit.

The advanced editing scenarios explicitly direct the agent toward watermark removal and face replacement that is hard to detect, without describing consent, ownership, or disclosure checks.

User impactThe skill could help create misleading edited images, remove ownership marks, or make face replacements look authentic.

RecommendationUse these workflows only with clear rights and consent, and add explicit checks or disclosure requirements for watermark removal and face replacement.

Agentic Supply Chain Vulnerabilities

SeverityInfoConfidenceHighStatusNote

SKILL.md

pip install requests

The skill asks users to install the `requests` package, but the install metadata does not declare or pin that dependency. This is a normal dependency for an API client, but it is not captured in the install spec.

User impactUsers may manually install an unpinned package version before running the script.

RecommendationInstall dependencies in a virtual environment and consider pinning `requests` in a declared install specification.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

SKILL.md

Requires TENSORSLAB_API_KEY environment variable.

The skill requires a bearer API key for TensorsLab, while the registry metadata says there are no required env vars or primary credential. The credential is expected, but under-declared.

User impactThe agent can use the configured TensorsLab account and consume credits when generating or editing images.

RecommendationSet the API key only in a trusted environment, monitor account usage, and prefer a scoped or revocable key if TensorsLab supports it.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityLowConfidenceHighStatusNote

scripts/tensorslab_image.py

f = open(img_path, "rb") ... files.append(("sourceImage", (os.path.basename(img_path), f))) ... _SESSION.post(endpoint, headers=headers, files=files, timeout=60)

For image-to-image editing, the script reads local source files and sends them to the external TensorsLab API. This is expected for the feature, but it means local images may leave the device.

User impactPersonal photos or other source images provided to the skill may be uploaded to TensorsLab for processing.

RecommendationOnly provide images you are comfortable sending to the provider, and review TensorsLab’s privacy and retention terms before using sensitive photos.