Skill v0.1.0

ClawScan security

Text To Image · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 11, 2026, 3:33 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent: it provides a local script to render text-to-image, requires no external credentials or installs, and its instructions match the included code and files.
Guidance
This skill appears to do exactly what it says: a local Python script (Pillow-based) renders text into SVG/PNG/JPG and writes output to the skill's tmp/ folder. Before installing, consider: (1) the script will read whatever JSON spec file path you or the agent passes — do not point it at sensitive files; (2) it writes temporary image files under the skill directory (clean up if needed); (3) it depends on Python and Pillow being available in the runtime (no install spec provided); and (4) there are no network calls or required credentials. If you need air-gapped or more restrictive behavior, inspect the script locally and run it in a sandboxed environment.

Review Dimensions

Purpose & Capability
ok: Name/description (text → image) align with the included script and testcases. There are no unrelated env vars, binaries, or external services requested.
Instruction Scope
ok: SKILL.md instructs running scripts/render_text_image.py with a JSON spec (inline or file) and to return the produced temp file path or data URI. The instructions reference only the script, its inputs, and outputs; they do not ask the agent to read unrelated system config or exfiltrate data.
Install Mechanism
ok: No install spec is present (instruction-only with a bundled script). Nothing is downloaded or extracted; risk from installation steps is minimal.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. The script uses local fonts and writes to the skill's tmp/ folder — appropriate for this purpose.
Persistence & Privilege
ok: always is false and model invocation is allowed (default). The skill does not request permanent system-wide presence or modify other skills or system configuration.