Product Image Generator
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears to be a coherent, instruction-only product image generator with scoped file outputs and disclosed preference storage, and no evidence of hidden credentials, code execution, or exfiltration.
Before installing, confirm you are comfortable with the skill creating product-image output files and saving style/platform preferences in EXTEND.md. Do not place confidential information in product descriptions, reference images, or preference files unless you intend the agent to use it for image generation.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can create local project files as part of its normal output, but the documented path is specific and aligned with the image-generation purpose.
The documented workflow writes generated analysis, prompts, and image files into a scoped product-images folder.
product-images/{product-slug}/ ... analysis.md ... outline.md ... prompts/ ... images/Run it from the project where you want outputs saved, and review generated files before using or publishing them.
Saved preferences such as default platform, style, language, and watermark can carry over into later runs, especially at user level.
The skill persists user preferences that may influence future image-generation behavior.
After user selection, save to EXTEND.md: Project-level: `.teamclaw-skills/product-image-generator/EXTEND.md`; User-level: `$HOME/.teamclaw-skills/product-image-generator/EXTEND.md`
Review EXTEND.md periodically, avoid placing secrets in preference fields, and use project-level settings when preferences should not apply globally.