Skill v1.0.1
ClawScan security
File Compression · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 25, 2026, 4:43 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's files, instructions, and required tools align with a straightforward PDF/image compression utility; there is no sign of hidden exfiltration or unrelated privileges, though a small metadata inconsistency and normal package-install risks deserve attention.
- Guidance
- This skill appears to do exactly what it says: compress PDFs/images locally using Ghostscript, pikepdf/Pillow, and Sharp as a Node fallback. Before installing or running: (1) Confirm you trust the PyPI and npm packages listed (pikepdf, pillow, sharp), because 'pip install' and 'npm install' can execute code from the packages during installation (npm lifecycle scripts, Python build steps); review the package sources, pin exact versions (a lockfile for npm, '==' pins with '--hash' entries for pip), and consider 'npm install --ignore-scripts' (verify the package still works afterwards, since some native modules rely on an install hook). (2) Ensure Ghostscript is installed from your OS package manager rather than from an ad-hoc download. (3) The metadata's 'primary credential: python' is meaningless for operation and can be ignored. (4) The scripts operate on whatever files you point them at: avoid running them on sensitive system files or passing paths to secrets, and keep inputs and outputs inside a dedicated working directory. If you want extra caution, run the install and scripts in a sandbox/container or inspect the included files (they are small and readable) before executing.
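Guidance point (4) says to avoid pointing the scripts at sensitive files. One way a harness could enforce that before invoking the compression script, as an added example that is not part of the skill or of ClawHub's scanner: confine every input and output path to a dedicated working directory, following symlinks first so a link inside the directory cannot reach a secret outside it. The `confine`, `ghostscript_argv` and `demo` names and the Ghostscript flags are assumptions for this example; the throwaway workspace, placeholder PDF and secret file it creates are constructed inline.

```python
import tempfile
from pathlib import Path


class PathOutsideWorkspace(ValueError):
    """Raised when a user-supplied path escapes the allowed working directory."""


def confine(user_path, workspace):
    """Resolve user_path against workspace and refuse anything that escapes it.

    Symlinks are followed before the check, so a link inside the workspace that
    points at /etc/shadow or a .env file elsewhere is rejected, not dereferenced.
    The comparison is by path component (relative_to), so a sibling directory
    such as /work-other does not pass as a string-prefix match of /work.
    """
    root = Path(workspace).resolve()
    candidate = Path(user_path)
    if not candidate.is_absolute():
        candidate = root / candidate
    resolved = candidate.resolve()  # strict=False: an output file may not exist yet
    try:
        resolved.relative_to(root)
    except ValueError:
        raise PathOutsideWorkspace(
            f"{user_path!r} resolves to {resolved}, outside {root}") from None
    return resolved


def ghostscript_argv(pdf_in, pdf_out, workspace, preset="/ebook"):
    """Build an argv list for a Ghostscript PDF recompression (assumed flags).

    Paths are confined first; returning argv instead of a shell string means
    the file names are never parsed by a shell.
    """
    src = confine(pdf_in, workspace)
    dst = confine(pdf_out, workspace)
    return [
        "gs", "-sDEVICE=pdfwrite", "-dCompatibilityLevel=1.4",
        f"-dPDFSETTINGS={preset}", "-dNOPAUSE", "-dQUIET", "-dBATCH",
        f"-sOutputFile={dst}", str(src),
    ]


def _rejected(user_path, workspace):
    """True if confine() refuses the path."""
    try:
        confine(user_path, workspace)
    except PathOutsideWorkspace:
        return True
    return False


def demo():
    """Exercise confine() on a constructed workspace; returns check -> passed."""
    with tempfile.TemporaryDirectory() as tmp:
        work = Path(tmp) / "work"
        work.mkdir()
        secret = Path(tmp) / "secret.env"          # constructed stand-in for a real secret
        secret.write_text("API_TOKEN=example\n")
        (work / "scan.pdf").write_bytes(b"%PDF-1.4\n% constructed placeholder\n")
        (work / "link.pdf").symlink_to(secret)     # symlink inside work -> file outside it
        return {
            "plain_in_workspace": confine("scan.pdf", work) == (work / "scan.pdf").resolve(),
            "dotdot_escape": _rejected("../secret.env", work),
            "symlink_escape": _rejected("link.pdf", work),
            "absolute_outside": _rejected(str(secret), work),
            "argv_built": ghostscript_argv("scan.pdf", "out/scan-small.pdf", work)[0] == "gs",
        }


if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check}: {'ok' if passed else 'FAIL'}")
```

The same wrapper applies to the image scripts: resolve and confine the path, then pass it as an argv element to Python or Node, never through a shell string.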
Review Dimensions
- Purpose & Capability
- note
- Name/description match the actual behavior: scripts implement PDF and image compression using Ghostscript, pikepdf, Pillow, and Sharp. Required binaries (python3, node, gs) and included dependencies are appropriate for the stated purpose. Minor inconsistency: metadata/registry lists a 'primary credential' as 'python' (and SKILL.md shows primaryEnv: 'python'), which is not a standard credential name and is unnecessary for this skill.
- Instruction Scope
- ok
- SKILL.md instructions are narrowly scoped to checking/installing dependencies and running the included compression scripts. The scripts operate on user-supplied input/output paths, create temporary dirs, and call local binaries; they do not reference unrelated system paths, secrets, or external network endpoints. The instructions explicitly require telling the user before running installs and showing commands, improving transparency.
- Install Mechanism
- ok
- There is no automatic arbitrary download/install from unknown hosts; dependencies are standard PyPI (requirements.txt) and npm (package.json) packages plus system Ghostscript. The skill asks the agent to run 'pip install -r requirements.txt' and 'npm install', which is a normal, low-risk install pattern. Note: npm packages can execute code during install via lifecycle scripts (preinstall/install/postinstall), and Python packages installed from source can do so via their build step; this applies to transitive dependencies as well, so it is the usual supply-chain risk to be aware of, reduced by pinning versions and, where practical, by 'npm install --ignore-scripts' and 'pip install --require-hashes'.
- Credentials
- note
- The skill declares no required environment variables and requests only local binaries, which is proportionate. The only oddity is the 'primary credential'/'primaryEnv' set to 'python'; there are no credentials needed for compression and no env vars used by the scripts, so this metadata entry appears unnecessary or mis-specified.
- Persistence & Privilege
- ok
- The skill is not always-enabled and does not request permanent system/agent configuration changes. It runs as a user-invoked tool and does not modify other skills or global settings.
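Guidance point (1) and the Install Mechanism finding come down to one pre-install check: does the skill's own package.json declare install-time hooks, are the Python requirements pinned tightly enough for 'pip install --require-hashes', and are the required binaries actually on PATH? The script below is an added example, not ClawHub's scanner and not the skill's code. The two manifests it embeds are constructed for illustration: the skill's real package.json and requirements.txt are not reproduced on this page, and the postinstall hook and the placeholder hash exist only to exercise the detector. The function names are the example's own.

```python
import json
import re
import shutil

# Constructed manifests for this example. They stand in for the skill's
# package.json and requirements.txt and are NOT the skill's real files.
SAMPLE_PACKAGE_JSON = """{
  "name": "file-compression-example",
  "dependencies": {"sharp": "^0.33.0"},
  "scripts": {
    "postinstall": "node ./scripts/fetch-vendor.js",
    "test": "node --test"
  }
}"""

SAMPLE_REQUIREMENTS = """\
# constructed example: one exact pin with a (placeholder) hash, one open range
pillow==10.3.0 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
pikepdf>=8.0
"""

# Hooks npm runs from a package's own package.json while installing it.
NPM_INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare", "prepublish")

_REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*(.*)$")


def npm_lifecycle_scripts(package_json_text):
    """Return the install-time hooks declared in a package.json.

    Only the manifest handed in is inspected; hooks declared by transitive
    dependencies live in their own package.json files under node_modules, so
    the reliable control for those is 'npm install --ignore-scripts'.
    """
    scripts = json.loads(package_json_text).get("scripts") or {}
    return {hook: cmd for hook, cmd in scripts.items() if hook in NPM_INSTALL_HOOKS}


def requirement_status(requirements_text):
    """Map each requirement name to (pinned_exactly, has_hash).

    'pip install --require-hashes' refuses anything that is not both; an open
    range such as '>=8.0' lets a future release be installed unreviewed.
    """
    status = {}
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):        # blank, comment, or pip option line
            continue
        match = _REQ_RE.match(line)
        if not match:
            continue
        name, _extras, spec = match.groups()
        # '==' counts as a pin; '>=', '<=', '!=' and '~=' do not.
        pinned = re.search(r"(?<![<>!~])==", spec) is not None
        status[name.lower()] = (pinned, "--hash=" in spec)
    return status


def missing_binaries(names, which=shutil.which):
    """Names of required executables not found on PATH (which() is injectable for tests)."""
    return [name for name in names if which(name) is None]


def audit(package_json_text, requirements_text, required_binaries, which=shutil.which):
    """Collect human-readable findings for the three install-time concerns."""
    findings = []
    for hook, cmd in npm_lifecycle_scripts(package_json_text).items():
        findings.append(f"npm hook '{hook}' runs code at install time: {cmd}")
    for name, (pinned, hashed) in requirement_status(requirements_text).items():
        if not pinned:
            findings.append(f"python requirement '{name}' has no exact '==' pin")
        elif not hashed:
            findings.append(f"python requirement '{name}' has no --hash (needed for --require-hashes)")
    for name in missing_binaries(required_binaries, which):
        findings.append(f"required binary '{name}' not found on PATH; install it from the OS package manager")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PACKAGE_JSON, SAMPLE_REQUIREMENTS, ["python3", "node", "gs"]):
        print("-", finding)
```

Run it against the skill's real manifests by reading them from the unpacked skill directory instead of the constructed strings; an empty findings list is the state in which 'npm ci --ignore-scripts' (given a lockfile) and 'pip install --require-hashes -r requirements.txt' will succeed without surprises.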
