ClawHub

Image Utils

v1.3.0

Classic image manipulation with Python Pillow - resize, crop, composite, format conversion, watermarks, brightness/contrast adjustments, and web optimization...

3· 1.6k·2 current·2 all-time
byGal Davidi@galbria
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (image resize/crop/composite/format conversion) match the provided SKILL.md and the Python implementation. The code imports Pillow and requests as expected for image IO and URL downloads; nothing requires unrelated services or credentials.
Instruction Scope
Runtime instructions stay within image processing scope (loading from path/URL/base64, resizing, saving, watermarking, etc.). One operational note: the skill downloads arbitrary URLs (load_from_url via requests.get), which is normal for this purpose but means supplying untrusted or internal URLs could leak network activity or expose internal endpoints (SSRF risk) if run in a networked agent environment.
Install Mechanism
This is an instruction-only skill with a code example file; no install spec is included. SKILL.md recommends 'pip install Pillow requests' which is proportional and standard. No downloads from unknown hosts or archive extraction are present.
Credentials
The skill declares no required environment variables, credentials, or config paths. The code does not read environment variables or credentials, so requested permissions are minimal and proportional.
Persistence & Privilege
always is false and the skill does not request permanent inclusion or modify other skills. It does not perform any privileged or background persistence actions.
Assessment
This appears to be a straightforward Pillow-based image utility. Before installing or running: (1) only install Pillow/requests from the official PyPI packages; (2) avoid passing internal or sensitive URLs to load_from_url (it will perform HTTP requests, which can cause SSRF or reveal access to internal services); (3) run the code in a constrained environment if you process untrusted images; and (4) review any calls to external services if you plan to integrate with other skills (the file contains a docstring example referencing a bria client but the code itself does not contact third-party APIs beyond downloading image URLs).

Like a lobster shell, security has layers — review code before you run it.

latestvk97fczsm9ws7916dcvnnz2ne4983tvq3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments