File Compression

Pass. Audited by ClawScan on May 1, 2026.

Overview

This skill appears to do what it claims—compress PDFs and images—but it installs third-party packages and runs local compression tools, so users should approve installs and output paths.

Before installing, confirm you are comfortable with pip/npm/Ghostscript setup and use an isolated environment if possible. When running compression, choose explicit input and output paths and avoid overwriting important originals.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing dependencies can change the local environment and introduces normal package supply-chain risk.

Why it was flagged

The skill instructs installation of third-party Python and Node dependencies. This is expected for the compression backends, but it means the local environment will trust packages from external package registries.

Skill content

python3 -m pip install -r {baseDir}/requirements.txt
...
cd {baseDir}
npm install

Recommendation

Approve install commands explicitly, review requirements.txt and package.json, and prefer a virtual environment or isolated project directory.

What this means

Compression tasks run local tools on the files the user selects, which may take time and produce local output files.

Why it was flagged

The script runs an external Ghostscript process to compress PDFs. This command execution is central to the stated purpose and is invoked with an argument list rather than shell interpolation.

Skill content

proc = subprocess.run(cmd, capture_output=True, text=True)

Recommendation

Run the skill only on intended files, review the command shown before execution, and keep local compression tools updated.

What this means

A poorly chosen output path could overwrite or place a compressed file somewhere unintended.

Why it was flagged

The direct Node image backend creates the output directory and writes to the requested output path. This is necessary for compression output, but users should be careful not to choose an existing or sensitive path unintentionally.

Skill content

await fs.mkdir(path.dirname(resolvedOutput), { recursive: true });
await pipeline.toFile(resolvedOutput);

Recommendation

Use a new, clearly named output path and confirm before overwriting existing files, especially when using direct Node fallback commands.