Design Assets
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: design-assets Version: 1.0.0 The skill bundle is benign. All code snippets and instructions in SKILL.md, including bash scripts utilizing `sips` and `magick` for image manipulation and a JavaScript function for color palette generation, are directly aligned with the stated purpose of creating and editing graphic design assets. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts to subvert the agent's intended behavior. File operations are limited to creating directories and image files as part of the asset generation process.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If copied into the wrong folder, the example could unintentionally resize multiple image files.
This quick-reference command performs an in-place batch operation on matching PNG files. It is purpose-aligned for image processing and is only shown as an example, but users should run it only in an intended directory or on copies.
magick mogrify -resize 50% *.png
Use explicit output directories or work on copies when running batch image commands, and review command effects before execution.
The skill may fail or rely on whatever local versions of these tools are available on the user’s machine.
The SKILL.md references local tools including sips, ImageMagick/magick, screencapture, and nano-banana-pro, but the registry metadata does not declare these dependencies. This is an under-declared setup/provenance issue, not evidence of hidden code.
Required binaries (all must exist): none; Required binaries (at least one): none; No install spec — this is an instruction-only skill.
Verify required tools are installed from trusted sources; maintainers should declare expected binaries and OS assumptions in metadata.
Private brand concepts, unreleased product details, or other sensitive prompt content could be shared with the image-generation provider/tool.
The skill discloses use of an AI image-generation tool/provider for text prompts. This is aligned with the purpose, but the artifact does not describe provider data handling or boundaries.
| AI image generation | nano-banana-pro | Generate images from text prompts |
Avoid putting confidential information in image-generation prompts unless the provider is approved for that data.