Image

Pass

Audited by ClawScan on May 1, 2026.

Overview

This instruction-only image skill is coherent and benign, though users should be careful with optional command examples that can overwrite files or run registry packages.

This skill appears safe to install as image-processing guidance. Before running any example commands, work on copies, review batch and overwrite flags carefully, and treat npx examples as external code execution.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If copied without care, these commands could alter or overwrite original image files or remove metadata.

Why it was flagged

These examples can batch-modify images or overwrite metadata in local files. This is expected for an image-processing command reference, and the same file advises users to spot-check files and prefer writing outputs to a new path.

Skill content

mogrify -resize 1920x1080\> *.jpg ... exiftool -all= -overwrite_original input.jpg

Recommendation

Run commands on copies first, spot-check one file before batch processing, and prefer output paths that preserve the original asset.

What this means

Running the npx examples would trust external package code in the user's environment.

Why it was flagged

The command examples include npx-based tooling, which can execute package-registry code. The artifact explicitly discloses this risk and frames the commands as examples for users who need concrete commands.

Skill content

npx svgo input.svg -o output.svg ... Treat `npx` examples as remote-code execution from the package registry and use them only in trusted environments.

Recommendation

Use trusted packages, consider pinned versions or local installations, and avoid running npx commands in sensitive directories or untrusted environments.