ClawHub

ChatMask

v1.1.1

Pixelate chat/messaging app screenshots (WeChat, WhatsApp, Telegram, iMessage, Slack, Discord, etc.) to hide chat name, profile pics, and/or display names. U...

1· 98·0 current·0 all-time
by@frankz2020
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the requested binaries (python3, git) and the actions (image processing). Requiring Python and Git is expected for a skill that clones a repo and runs a local script. Minor omission: the workflow reads images from $HOME/.openclaw/media/inbound (and writes to /tmp) but the skill metadata does not list any required config paths — this is consistent with normal agent media usage but is worth noting.
Instruction Scope
SKILL.md confines runtime behavior to: clone repo once, create a venv, install pinned Pillow and python-dotenv, prompt the agent to produce bounding-box JSON, and call a local process.py with --bbox-json to pixelate images. The instructions explicitly avoid runtime network calls in skill mode and limit analysis to specified elements. The skill copies inbound media into per-job temp dirs (/tmp) and expects the agent to provide vision output; these file reads/writes are necessary for the task but should be understood by the user.
Install Mechanism
No package install metadata in the registry (instruction-only), but Setup will perform a one-time 'git clone' from GitHub and 'pip install -r requirements.txt' in a created virtualenv. The commit SHA is pinned and the release notes indicate pinned dependency versions, which reduces supply-chain drift risk. Still, Setup executes network operations and installs third-party packages into a venv on disk — review the pinned commit and requirements before first run. The fallback apt-get step (python3-venv) may attempt system package install if venv creation fails.
Credentials
The skill declares no required environment variables or credentials, and SKILL.md states no API key is required for skill mode. Release notes explain that standalone CLI mode can read a .env with an OpenRouter key, but the skill's documented runtime path (using --bbox-json) does not make outbound calls and does not require secrets. This is proportionate to the described functionality. Users with an existing .env should be aware that standalone usage (outside skill mode) may use it.
Persistence & Privilege
The skill is not always-enabled, is user-invocable, and does not request system-wide changes. Setup writes to a per-user path ($HOME/.openclaw/skills/chatmask) and creates a venv there; it does not modify other skills or system-wide agent settings. Autonomous invocation is permitted (platform default) but not paired with elevated privileges in this skill.
Assessment
This skill appears to do what it says: it asks the agent to locate sensitive areas in screenshots and runs a local Python script to pixelate them. Before installing, consider these points: - The Setup step clones a GitHub repo and pip-installs packages into a virtualenv on your machine. Although the commit SHA and dependency pins are present (good), you should review the repository at the pinned SHA (62b0d113...) and the requirements.txt to confirm you trust the code. - Setup will perform network operations once (git clone, pip install). If you prefer, run the Setup steps manually in an isolated environment or inspect the code first instead of running them automatically. - The skill reads images from $HOME/.openclaw/media/inbound and writes temp files to /tmp; ensure you’re comfortable with the agent having access to those locations for the intended task. - The skill does not require API keys for normal skill usage. However, if you run the script standalone (without --bbox-json), it may use an OpenRouter key found in .env — avoid placing secrets there unless intended. If you want to be extra cautious: review the pinned commit contents (process.py, vision.py, requirements files) before running Setup, or run Setup in a disposable account/VM.

Like a lobster shell, security has layers — review code before you run it.

latestvk974dhzw2zbrpaah8g5qegd7b9836vvq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎭 Clawdis
Binspython3, git

Comments