ClawHub
Back to skill
v1.0.1

Psd Automator Screenshot

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:32 AM.

Analysis

The skill is coherent for screenshot-guided PSD text editing, but users should notice that it can auto-dispatch edits through an external PSD automator and records usage locally.

GuidanceThis appears purpose-aligned rather than malicious. Before installing, make sure you trust the separate psd-automator core, work on copies or backed-up PSD/PSB files, and be aware that high-confidence edits may be applied automatically and logged locally.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
commandDispatch: tool ... commandTool: psd_automator_screenshot ... commandArgMode: raw ... High confidence requests are auto-dispatched.

The skill sends unstructured natural-language/screenshot requests to an editing tool and says high-confidence edits are dispatched automatically. This is central to the PSD automation purpose, but it is still local file-mutation authority.

User impactA high-confidence request may be sent directly to the PSD automation pipeline and can change design files without another confirmation prompt.
RecommendationUse it on backed-up PSD/PSB files, verify the target file and requested text carefully, and prefer confirmation workflows for important assets.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceMediumStatusNote
SKILL.md
Requires psd-automator core.

The reviewed package is instruction-only, while its actual editing behavior depends on a separate psd-automator core component that is not included in the provided artifacts.

User impactThe safety and scope of the actual PSD edits depend on the separately installed core tool.
RecommendationInstall or enable the psd-automator core only from a trusted source and review its permissions separately.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
Every invocation/execution is recorded to skills-usage.json.

The skill creates persistent usage records, which may include file names, paths, or natural-language edit instructions.

User impactLocal logs may retain details about screenshots, project files, and requested edits.
RecommendationAvoid putting secrets in edit instructions and periodically review or delete skills-usage.json if it contains sensitive project details.