remove-bg
Advisory. Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill may launch another local application and, on some platforms, a crafted output path increases the chance of unintended command execution.
After saving the PNG, the script automatically invokes platform commands to open the user-supplied output path. The Windows branch uses shell=True, so the path string is handed to the command interpreter rather than passed directly as an argument, and this auto-launch behavior is not clearly described in SKILL.md.
    # Automatically open the generated PNG (using the system default image viewer)
    subprocess.run(['start', str(out_path)], shell=True, check=False)   # Windows branch
    ...
    subprocess.run(['open', str(out_path)], check=False)                # macOS branch
    ...
    subprocess.run(['xdg-open', str(out_path)], check=False)            # Linux branch
Make opening the output file opt-in, disclose it clearly, avoid shell=True, and validate that the output path is a safe PNG path before invoking any opener.
If the agent or user chooses the wrong output location, the skill could create directories or replace an existing file with PNG data.
The tool reads and writes the paths supplied at invocation and creates parent directories for the output. This is expected for an image conversion skill, but the paths are not technically confined to a workspace, and the tool overwrites whatever exists at the selected output path.
    input_file = Path(sys.argv[1])
    output_file = Path(sys.argv[2])
    ...
    out_path.parent.mkdir(parents=True, exist_ok=True)
    img.save(out_path, 'PNG')
Use explicit, safe output paths in a workspace or temporary directory, and consider adding checks that prevent overwriting existing files unless the user confirms.
