image-annotation-usage
MaliciousAudited by VirusTotal on May 7, 2026.
Overview
Type: OpenClaw Skill Name: image-annotation-usage Version: 1.0.0 The skill bundle provides comprehensive documentation and integration examples for a React-based image annotation component (@frank17008/image-annotation). The content in SKILL.md consists of standard React/TypeScript code snippets, API references, and troubleshooting guides for common UI issues like canvas rendering and state management. No evidence of data exfiltration, malicious execution, or prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the package itself is compromised or untrusted, adding it to a web app could affect the app’s security or behavior.
The skill tells users to add an external npm package. This is purpose-aligned for a component integration guide, but installing third-party packages changes the application supply chain.
pnpm add @frank17008/image-annotation # or npm install @frank17008/image-annotation
Before installing, verify the npm package source, maintainer, version, and dependency reputation as you would for any third-party React component.