Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Psd Automator

v1.0.2

Automate PSD text replacement on Mac and Windows with Photoshop, dry-run safety, style-lock checks, rollback, and local PSD index cache. Use when requests in...

Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The files (index builder, PSD modify/export ExtendScript, visual-matching, run-task orchestration) are consistent with a PSD automation tool. However the package metadata/manifest does not declare required Node native/third-party modules (sharp, JSZip) nor does the registry note system prerequisites (node, osascript, powershell). That omission is disproportionate to the described purpose and will cause failures or unexpected installation steps.
Instruction Scope
Runtime instructions and scripts read and write local files broadly (Desktop/Documents, arbitrary roots passed to build-index), create backups under ~/.openclaw, copy files into temporary bridge directories, and can export PNGs. Critically, the SKILL.md mandates emitting a DingTalk marker that contains an absolute file path when replying — this explicitly requires the agent to disclose local absolute paths to an external chat, which may leak sensitive filenames and directory structure. The build-index script scans given roots recursively and writes a JSON index (~/.openclaw/psd-index.json) containing file paths and optional sidecar metadata (textContents, layers) — intended but privacy-sensitive.
Install Mechanism
There is no install spec but the code imports non-built-in modules (sharp, JSZip). package-lock.json contains no packages. That means the skill as published is missing dependency declarations and will fail unless the operator manually installs dependencies (sharp is a native module with a nontrivial build/installation footprint). Also, run-task invokes system binaries (osascript, powershell.exe) and expects auxiliary wrapper scripts (see below) that are not present in the manifest, indicating an incomplete deployment package.
Credentials
The skill requests no environment variables or external credentials (good). It does access user-owned filesystem locations (home, Desktop, Documents, tmp) and creates ~/.openclaw audit/index files; this is proportionate to its function but sensitive because it indexes file paths and may read sidecar metadata (textContents). No cloud or unrelated credentials are requested.
Persistence & Privilege
always is false and the skill does not request system-wide privileges beyond reading/writing user files under home and temp. It writes its own audit log and index under ~/.openclaw which is expected. There is no evidence it attempts to modify other skills or global agent settings.
What to consider before installing
This skill appears to implement PSD automation, but I found multiple red flags you should address before installing or running it:

  1. Missing dependency and wrapper files: The code imports 'sharp' and 'jszip' but the package metadata doesn't declare or install them; 'sharp' requires native build/runtime dependencies. Also run-task.js expects platform-specific wrapper scripts (e.g., psd-modify-mac.applescript, psd-modify-win.ps1, psd-export-png-win.ps1) but the package only includes .jsx ExtendScript files — the glue scripts appear to be missing. Verify these files and dependency installation steps with the author, and test in an isolated environment.
  2. Filesystem indexing and privacy: build-index.js recursively scans roots (Desktop, Documents or whatever you pass) and writes ~/.openclaw/psd-index.json containing absolute paths and optional sidecar text metadata. Consider whether you want an index of all PSDs on the machine and any embedded sidecar text. If you run build-index, limit --root to trusted folders and inspect the generated index before using it.
  3. DingTalk marker leaks absolute paths: The SKILL.md requires emitting a [DINGTALK_IMAGE] marker containing an absolute path (e.g., /Users/name/Desktop/xxx.png). That will publish local absolute paths and filenames to an external chat service. If that is unacceptable, do not enable automatic replies that publish the marker; instead require human review before posting.
  4. Test and sandbox: Run the tool in a controlled VM or test account first. Ensure Node, required native modules, and system automation (osascript / PowerShell + Photoshop automation) are correctly installed. Review and, if necessary, implement or supply the missing wrapper scripts so you know exactly what commands will run. If you cannot verify the missing wrappers and dependency installation, treat the package as incomplete/untrusted and do not run it on production machines holding sensitive data.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/run-task.js:153: Shell command execution detected (child_process).

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🖼️ Clawdis
421 downloads
0 stars
3 versions
Updated 8h ago
v1.0.2
MIT-0

PSD Automator

Cross-platform PSD text automation for teams using both macOS and Windows.

Scope

  • Phase 1 + 2 only.
  • Screenshot understanding is intentionally out of scope.
  • Uses one task protocol and two execution engines:
    • macOS: AppleScript (osascript)
    • Windows: Photoshop COM (PowerShell)

Task Protocol

Read references/task-schema.json before running.

Minimal required fields:

  • taskId
  • input.edits[] (layerName + newText)
  • input.exactPath or input.fileHint

Key optional fields:

  • workflow.sourceMode: inplace or copy_then_edit
  • output.exports[]: PNG export (mode=single or mode=layer_sets for sliced/block assets)
  • output.bundle.zipName: zip name for sliced assets bundle
  • options.pathBridgeMode: auto / always / off (macOS Unicode path bridge)
  • options.bundleZip: whether to bundle layer_sets PNGs into one zip
  • options.matchImagePath: screenshot path for selecting most similar exported slice

Build and Refresh PSD Index

Create or refresh local cache:

node skills/psd-automator/scripts/build-index.js \
  --root "/Projects/Design" \
  --root "/Users/me/Desktop/assets" \
  --index "~/.openclaw/psd-index.json"

Incremental refresh:

node skills/psd-automator/scripts/build-index.js --incremental

Run a Task

Dry-run first (recommended):

node skills/psd-automator/scripts/run-task.js \
  --task "skills/psd-automator/examples/task.mac.json" \
  --dry-run

Execute:

node skills/psd-automator/scripts/run-task.js \
  --task "skills/psd-automator/examples/task.mac.json"

Natural-language dispatch (through OpenClaw chat command, supports .psd and .psb):

/psd design-mac-01 帮我找到20260225工位名牌.psd或20260225工位名牌.psb,把姓名改成琳琳,座右铭改成步履不前,稳步前进,保存成png放置在桌面 --dry-run

DingTalk image handoff (required)

When replying in DingTalk and task execution is successful with PNG output, the final response MUST include this marker with an absolute path:

[DINGTALK_IMAGE]{"path":"<absolute_png_path>"}[/DINGTALK_IMAGE]

Rules:

  • Use absolute path only (for example /Users/name/Desktop/xxx.png).
  • Do not use filename-only values.
  • If pngOutputPath (or first item in pngOutputPaths) is missing, clearly report failure and do not emit a fake marker.
  • For mode=layer_sets, pngOutputPaths should contain all exported block images in the output folder.
  • When available, use selectedPngPath as the single best-match image for screenshot workflows.
  • When available, send bundleZipPath as file attachment: [DINGTALK_FILE]{"path":"<absolute_zip_path>","fileName":"<name>.zip","fileType":"zip"}[/DINGTALK_FILE].
  • Keep normal human-readable summary, then append marker on a new line at the end.
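
An outbound check for the markers described above, as an added example that is not part of the skill or its SKILL.md: it parses each marker in a reply and withholds any whose path falls outside an approved export folder. The allowed root, the function names and the sample reply are assumptions made for illustration, and only POSIX-style paths are handled.

```javascript
// Added example, not part of the skill. POSIX (macOS) paths only.
// Assumption: PNG/zip exports may be shared only from this folder (hypothetical policy).
const ALLOWED_EXPORT_ROOTS = ['/Users/name/Desktop/psd-exports'];

// Matches both marker kinds documented above; \1 forces a matching closing tag.
const MARKER_RE = /\[(DINGTALK_IMAGE|DINGTALK_FILE)\]([\s\S]*?)\[\/\1\]/g;

// Resolve "." and ".." segments without touching the filesystem.
function normalizePosix(p) {
  const out = [];
  for (const seg of p.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') out.pop();
    else out.push(seg);
  }
  return '/' + out.join('/');
}

function isInsideAllowedRoot(p, roots) {
  if (typeof p !== 'string' || !p.startsWith('/')) return false;
  const normalized = normalizePosix(p);
  return roots.some((root) => normalized.startsWith(normalizePosix(root) + '/'));
}

// Returns { text, held }: markers outside policy are replaced in text and listed in held.
function gateReply(reply, roots = ALLOWED_EXPORT_ROOTS) {
  const held = [];
  const text = reply.replace(MARKER_RE, (whole, kind, body) => {
    let payload = null;
    try {
      payload = JSON.parse(body);
    } catch {
      held.push({ kind, reason: 'invalid-json' });
      return `[${kind} withheld: invalid marker]`;
    }
    const p = payload && payload.path;
    if (!isInsideAllowedRoot(p, roots)) {
      held.push({ kind, reason: 'path-outside-allowed-roots', path: p });
      return `[${kind} withheld: pending human review]`;
    }
    return whole;
  });
  return { text, held };
}

// Constructed sample reply: one export inside the allowed folder, one outside it.
const sampleReply = [
  'Updated 2 text layers and exported PNG.',
  '[DINGTALK_IMAGE]{"path":"/Users/name/Desktop/psd-exports/badge.png"}[/DINGTALK_IMAGE]',
  '[DINGTALK_FILE]{"path":"/Users/name/Documents/clients/acme/slices.zip","fileName":"slices.zip","fileType":"zip"}[/DINGTALK_FILE]',
].join('\n');
```

Normalization here is lexical, so symlinks inside the allowed folder are not resolved; a production gate would also compare the real path on disk.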

OpenClaw Routing Pattern (Phase 2)

Use OpenClaw subagent routing guidance:

Core idea:

  1. Main agent parses request.
  2. Resolve target machine + platform capabilities.
  3. Spawn/dispatch to target subagent.
  4. Subagent runs run-task.js locally.
  5. Return normalized result + audit log.

Safety Baseline

  • Always support dryRun.
  • Keep style lock (font and size) after text changes.
  • Disable Photoshop dialogs.
  • Create .bak backup before write.
  • Stop on ambiguous file matches (E_FILE_AMBIGUOUS); never guess silently.
  • On layer-not-found, return availableLayers + suggestedLayers.
  • Emit standardized error codes from references/error-codes.md.
