Skill v1.0.1

ClawScan security

goods-images · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 10, 2026, 10:55 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's purpose (generate e‑commerce images) matches its instructions, but it instructs the agent to run shell/python commands (including pip installs) and to repeatedly send the user's original images to an external image-generation API, which raises privacy and runtime-modification concerns that are not explained in the skill.
Guidance
Before installing or enabling this skill, consider:
(1) The skill will repeatedly send the user's original product images to the generate_image service for each of 14 image-generation calls — ask who runs that service and what their data retention/privacy policy is.
(2) The runtime instructions include running python commands and pip install Pillow, which changes the agent environment and fetches code from PyPI; if you need strict runtime immutability, disallow runtime installs.
(3) The skill probes system font paths (reads filesystem locations) to render Chinese text — confirm you’re comfortable with that file access.
(4) If product images contain sensitive branding or private information, confirm where images are transmitted and whether they remain in a trusted/sandboxed environment.
(5) To reduce risk: require explicit user consent before uploading images, limit the number of external generate_image calls (or run a local generator), run the skill in a sandboxed environment, and/or request that the skill document the image-generation provider and retention policy.
Additional information that would raise confidence to 'benign': a clear statement of where generate_image runs (local vs third-party), an explicit privacy/data-retention policy, and a guarantee that runtime pip installs are disabled or occur only in an isolated sandbox.

Review Dimensions

Purpose & Capability
ok · Name/description match the runtime instructions: the skill focuses on producing 5 carousel + 9 detail images using image generation and PIL-based postprocessing. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
concern · SKILL.md instructs the agent to (a) call generate_image many times and always pass the user's original image as ImagePaths (potentially uploading user images to the generation service), (b) run commands like python -c to probe the environment and run a PIL script, and (c) pip install Pillow if PIL is not present. These runtime steps can transmit user images off‑agent and modify the runtime environment; the skill does not document where generate_image calls go, retention, or privacy implications.
Install Mechanism
note · No formal install spec in the registry, but the instructions tell the agent to run pip install Pillow if needed. Installing packages at runtime via pip is common but does modify the environment and can pull arbitrary code from PyPI — higher friction than a pure instruction-only skill.
Credentials
ok · The skill requests no environment variables, credentials, or unrelated config paths. It does probe common font file locations (to render Chinese text), which is reasonable for Chinese typography, but that file probing does access system paths.
Persistence & Privilege
ok · always:false and no persistent install/update of other skills or system configuration. The skill does not request elevated or permanent privileges.