v1.3.0

Image Utils

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:27 AM.

Analysis

This skill appears to be a straightforward image-processing helper, with disclosed local file and URL image handling plus user-directed dependency setup.

Guidance: This looks safe for normal image resizing, cropping, conversion, and optimization. Before installing or using it, confirm you are comfortable installing Pillow and requests, use trusted image URLs, and choose output paths carefully to avoid overwriting files.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low; Confidence: High; Status: Note
references/code-examples/image_utils.py
response = requests.get(url, timeout=timeout, headers={"User-Agent": "BriaSkills/1.3.0"})

The utility can fetch an image from a user-supplied URL. This is expected for image loading, but remote URL access should be used only with trusted or intended image sources.

User impact: The agent could download images from remote locations as part of a user-directed image workflow.
Recommendation: Use trusted image URLs and avoid asking the agent to fetch private, internal, or untrusted resources unless you intend that access.

Tool Misuse and Exploitation
Severity: Low; Confidence: High; Status: Note
references/code-examples/image_utils.py
path.parent.mkdir(parents=True, exist_ok=True)
save_image.save(path, **save_kwargs)

The save helper creates output directories and writes image files to a supplied path. This is normal for an image utility, but incorrect paths could overwrite or create files in unintended locations.

User impact: The skill can write processed images to the local filesystem when directed.
Recommendation: Specify safe output directories and review paths before saving over existing files.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Note
SKILL.md
pip install Pillow requests

The skill documents external Python dependencies rather than using an install spec. These dependencies are appropriate for image processing and URL loading, but users should install them deliberately.

User impact: Installing the skill’s recommended packages adds third-party Python libraries to the environment.
Recommendation: Install dependencies from trusted package indexes and consider pinning versions in managed environments.