rembg: remove-image-background
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This background-removal skill is purpose-aligned, but its scripts have an arbitrary-code-execution risk from crafted file paths and its installer persistently changes the user PATH.
Review and preferably patch the scripts before installing. Avoid processing images from untrusted archives or filenames containing quotes or unusual characters, and check your shell configuration after setup because the installer changes PATH persistently.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Processing an image with a maliciously crafted filename or output path could run unintended Python commands on the user's machine.
The script interpolates user-controlled file paths directly into Python source code and executes it with python -c. A path containing quotes and Python statements could execute arbitrary code as the user.
cmd = [venv_python, "-c", f"""... Image.open('{input_file}') ... output_img.save('{output_file}') ..."""]
Do not construct Python code with f-strings from paths. Pass paths as subprocess arguments, use a helper script with argparse, or call the rembg library directly with safely handled variables.
Future shell commands may resolve executables from ~/.venv/rembg before other locations, and the change remains until manually removed.
The installer persistently modifies the user's shell configuration to prepend the virtualenv bin directory to PATH. This change survives after the task and affects future terminal sessions.
path_line = f'export PATH="{venv_bin}:$PATH" # rembg' ... f.write(f"\n# rembg\n{path_line}\n")
Ask for explicit confirmation before editing PATH, document the exact files changed, and provide an uninstall or rollback command. Prefer a scoped wrapper or user-invoked activation.
Installation will download and run third-party Python packages needed for the AI background-removal tool.
The setup process installs Python packages from requirements.txt. This is expected for a rembg-based tool, but it depends on external package provenance and transitive dependencies.
subprocess.run([venv_pip, "install", "-r", requirements], check=True)
Install only in an environment you trust, review the requirements, and consider using a locked dependency file with hashes for stronger reproducibility.