Libvips Image

Pass

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a coherent local image-processing skill, with the main caution that its optional setup script can install system packages and external Python tooling.

Before installing, review scripts/install.sh and be comfortable with it installing libvips, pyvips, and possibly uv. Use a virtual environment when possible, be cautious with sudo, and choose input/output directories carefully for batch image operations.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running setup can install code from external package sources onto the user's machine.

Why it was flagged

The installer may fetch and execute uv's remote install script and install Python packages from external sources. This is disclosed and purpose-aligned, but it relies on external supply-chain trust.

Skill content

curl -LsSf https://astral.sh/uv/install.sh | sh ... uv pip install pyvips

Recommendation

Review the installer first, prefer trusted package-manager installs where possible, and use a virtual environment or pinned dependency versions for stricter reproducibility.

What this means

If run with sudo, the installer can make system-level changes, not just changes inside the skill directory.

Why it was flagged

The setup script can use sudo and system package managers to install dependencies. This is expected for installing libvips, but it grants the installer elevated local authority during setup.

Skill content

sudo bash -c "$cmd" ... run_cmd "apt-get install -y libvips-dev libvips-tools python3-dev build-essential" ... sudo $pip_cmd install pyvips

Recommendation

Run the installer only after reviewing it, use user-level or virtual-environment installs where practical, and avoid sudo unless you trust the package sources and need system-level libvips.