image-annotation-usage

Advisory

Audited by Static analysis on May 7, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the package itself is compromised or untrusted, adding it to a web app could affect the app’s security or behavior.

Why it was flagged

The skill tells users to add an external npm package. This is purpose-aligned for a component integration guide, but installing third-party packages changes the application supply chain.

Skill content

pnpm add @frank17008/image-annotation
# or
npm install @frank17008/image-annotation

Recommendation

Before installing, verify the npm package source, maintainer, version, and dependency reputation as you would for any third-party React component.