Skill v1.0.0

ClawScan security

微信表情包制作工具 (WeChat sticker maker) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 1, 2026, 7:32 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This skill is internally consistent: it is a local image-processing tool that slices grid images into WeChat-compliant stickers, requests no unrelated credentials, and contains only the expected dependencies and scripts (note: the optional background-removal feature downloads models, and pip fetches packages from the internet).
Guidance
This skill appears to do what it claims, but take the following precautions before running it:
1. Review requirements.txt (Pillow, rembg, onnxruntime) and consider installing in an isolated environment or container. run.sh creates a local .venv, but pip will still fetch packages from the internet.
2. If you enable --remove-bg, the rembg component may download ML model weights on first use; make sure you are comfortable with that network activity and have sufficient disk space.
3. The tool processes the files you give it and writes output files to the chosen output directory. Avoid passing sensitive images unless you intend to process them locally.
4. If you need stricter supply-chain guarantees, inspect the upstream PyPI packages or install the dependencies from vetted sources.
5. There is no evidence of data exfiltration or secret access in the code, but if you are unsure, run the script in a sandbox or review the code yourself before use.

Review Dimensions

Purpose & Capability
ok
The name and description (WeChat sticker maker) match the included files and behavior. The required dependencies (Pillow, rembg, onnxruntime) are appropriate for image resizing and optional AI background removal. No extraneous credentials, binaries, or config paths are declared.
Instruction Scope
ok
SKILL.md instructs the agent to create a virtual environment, install Python packages, and run the provided script on a user-supplied image. The runtime instructions and code operate only on the supplied image and write output files (main/, icon/, meta.txt, info.txt, candidate images). There are no instructions to read unrelated system files or environment variables, or to send data to external endpoints. The docs correctly call out that --remove-bg needs network access to obtain models.
Install Mechanism
note
There is no platform install spec; run.sh creates a local virtualenv and runs pip install -r requirements.txt. This is expected for a Python skill but implies network activity: pip will fetch packages from PyPI, and rembg may download model weights on first use. No downloads from arbitrary URLs or use of URL shorteners are present.
Credentials
ok
The skill declares no required environment variables, credentials, or config paths. The code does not access secrets or unrelated services. The only external resources are Python packages and the optional ML model downloads tied to the stated remove-bg feature.
Persistence & Privilege
ok
The skill does not request permanent presence (always: false) and does not modify other skills or global agent settings. It writes outputs to a user-designated output directory and creates a local .venv within the skill directory when run.