Psd Automator Screenshot
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is coherent for screenshot-guided PSD text editing, but users should notice that it can auto-dispatch edits through an external PSD automator and records usage locally.
This appears purpose-aligned rather than malicious. Before installing, make sure you trust the separate psd-automator core, work on copies or backed-up PSD/PSB files, and be aware that high-confidence edits may be applied automatically and logged locally.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A high-confidence request may be sent directly to the PSD automation pipeline and can change design files without another confirmation prompt.
The skill sends unstructured natural-language/screenshot requests to an editing tool and says high-confidence edits are dispatched automatically. This is central to the PSD automation purpose, but it is still local file-mutation authority.
commandDispatch: tool ... commandTool: psd_automator_screenshot ... commandArgMode: raw ... High confidence requests are auto-dispatched.
Use it on backed-up PSD/PSB files, verify the target file and requested text carefully, and prefer confirmation workflows for important assets.
The safety and scope of the actual PSD edits depend on the separately installed core tool.
The reviewed package is instruction-only, while its actual editing behavior depends on a separate psd-automator core component that is not included in the provided artifacts.
Requires psd-automator core.
Install or enable the psd-automator core only from a trusted source and review its permissions separately.
Local logs may retain details about screenshots, project files, and requested edits.
The skill creates persistent usage records, which may include file names, paths, or natural-language edit instructions.
Every invocation/execution is recorded to skills-usage.json.
Avoid putting secrets in edit instructions and periodically review or delete skills-usage.json if it contains sensitive project details.