ClawHub
Back to skill
v1.0.0

bg-remover

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:39 AM.

Analysis

This skill appears to perform the advertised local image background editing, with the main thing to notice being its user-directed installation of external Python packages and a model download.

GuidanceThis looks suitable for local background removal/replacement tasks. Before installing, consider running it in a Python virtual environment because it installs unpinned packages and may download a U2-Net model on first use; provide only image files you intend to process and choose output paths carefully.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
scripts/install.sh
$PIP install rembg Pillow numpy onnxruntime --quiet

The installer fetches external Python packages without pinned versions or hashes. This is expected for the image-processing purpose, but it means the user relies on the current PyPI supply chain at install time.

User impactInstalling the skill may add third-party Python packages to the local environment, and the exact versions installed can vary over time.
RecommendationReview the packages before installing, consider using a virtual environment, and pin versions if reproducible or controlled installs are important.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
SKILL.md
首次运行会自动下载 U2-Net 模型(约 170MB),需要网络

The documentation discloses that first use may download a model over the network. This is purpose-aligned for rembg/U2-Net processing, but it is an external dependency users should be aware of.

User impactFirst use may require network access and may download a large model file to the local environment.
RecommendationUse the skill only in an environment where downloading the model is acceptable, and review/cache the model source if supply-chain control is required.