微信表情包制作工具
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears to perform the advertised local image-cropping task, with the main thing to notice being that its launcher installs Python dependencies at runtime.
This looks safe for its stated purpose if you are comfortable running a local Python image-processing tool. Before installing, review the Python dependencies, be aware that the launcher creates a `.venv` and may download packages, and use a deliberate output directory so generated files do not overwrite anything important.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill may download and install Python packages into a local virtual environment.
The launcher installs dependencies from a requirements file when the skill is run, which is expected for this Python image-processing tool but still introduces third-party package supply-chain exposure.
"$PIP_BIN" install -q -r "$REQUIREMENTS_FILE"
Review the dependency list before first use, prefer a trusted Python/package index, and consider pinning versions if using it in a sensitive environment.
Dependency behavior could change over time as package versions update, even though the listed packages are coherent with image processing and optional background removal.
The dependencies use minimum-version ranges rather than exact pins, so future installs may resolve to newer package versions than the reviewed artifact was written for.
Pillow>=9.0.0 rembg>=2.0.0 onnxruntime>=1.14.0
For reproducible use, pin exact package versions or use a lockfile before installing in a production or high-trust environment.