ClawHub

Imgae Convert Skill

v0.1.2

使用 Pillow 支持常见图像格式(PNG、JPEG、GIF、BMP、TIFF、WebP)之间的相互转换和格式不变的压缩,支持质量控制、尺寸缩放和无损压缩模式。

0· 113·0 current·0 all-time
byLiuDeTao@kanocifer
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (image conversion, compression, resizing) align with the included CLI script (scripts/convert.py) and the reference doc. Required capabilities are limited to Pillow; no unrelated credentials, binaries, or host services are requested. Minor notes: the published skill name has a typo ('Imgae') and the package source/homepage are unknown, but these are metadata issues, not functional mismatches.
Instruction Scope
SKILL.md limits runtime actions to installing Pillow (pip) and running the provided convert script with local files/dirs and CLI flags. The instructions do not ask the agent to read unrelated system files, environment variables, or contact external endpoints. Note: the doc mentions 'uv add Pillow' (a nonstandard/unknown package manager invocation) — this is unusual but not harmful by itself.
Install Mechanism
There is no automated install spec (instruction-only), so nothing is written to disk by an installer beyond running the included script. The README instructs the user to pip install Pillow (standard). Because there's no download/install step embedded in the skill bundle, install risk is low.
Credentials
The skill declares no required environment variables or credentials and the script does not access env vars or external secret/config paths. The requested privileges are proportional to an image-conversion tool.
Persistence & Privilege
always is false and model invocation is allowed (the platform default). The skill does not attempt to modify other skills or system-wide settings and does not request permanent presence or elevated privileges.
Assessment
This skill appears to do exactly what it says: convert and compress images using Pillow. Before installing or running it, consider: 1) install Pillow from the official PyPI (pip install Pillow) in a virtualenv to avoid contaminating system Python; ignore or verify the 'uv add' instruction if you don't know that tool; 2) inspect/track the included scripts (you already have them); run them on test images first and avoid giving it sensitive files — the script reads and writes local image files and can create output directories; 3) be aware that processing large or malformed images can consume CPU/memory (deny large uploads or limit --threads); 4) the skill source/homepage is unknown and the published name has a typo, which could indicate low maintenance — if you rely on this in production, prefer a package from a known repository or maintain your own copy. Overall the bundle is internally consistent and does not show signs of data exfiltration or unrelated access.

Like a lobster shell, security has layers — review code before you run it.

latestvk97900ft4h35fy3qfcexw623sx839hrh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments