AI Remove Watermark
PassAudited by ClawScan on May 10, 2026.
Overview
This skill appears purpose-aligned: it uploads a user-selected image to the configured watermark-removal API using an API key, with optional local download of the result.
Before installing, confirm you trust Airemovewatermark and the configured API endpoint. Use the default HTTPS API URL unless you have a trusted reason to override it, keep API_KEY private, and only process images you are authorized to upload and edit.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The API key can consume credits or access the user's Airemovewatermark account features, so exposure or misconfiguration could affect the account.
The script accepts an API key from the command line or environment and sends it as an authorization credential for provider requests.
args['api-key'] || process.env.API_KEY || process.env.REMOVE_WATERMARK_API_KEY ... authorization: `Bearer ${apiKey}`Prefer environment variables over command-line key arguments, keep the key out of logs and shell history, and only use the default or another trusted API base URL.
Any image selected for processing will be shared with the configured remote service.
The skill clearly discloses that local image files leave the machine and are sent to the remote provider for processing.
Local files are uploaded to the remote API as part of processing
Use this only for images you own or are authorized to edit, and avoid uploading sensitive images unless you trust the provider and its terms.