SVG Draw
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent SVG drawing and PNG conversion helper; users should mainly notice that it runs a local SVG converter and depends on rsvg-convert being available.
This skill appears safe for its stated purpose. Before installing, be aware that it will write image files and invoke the local rsvg-convert tool; choose output paths carefully, verify rsvg-convert is installed from a trusted source, and confirm any external messaging destination before sharing generated images.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can cause the agent to run rsvg-convert and create or overwrite the specified PNG output file.
The bundled script executes a local system converter using supplied input/output paths and dimensions. This is the core advertised PNG conversion behavior, but it is still local command execution and file output.
rsvg-convert -w "$WIDTH" -h "$HEIGHT" "$INPUT" -o "$OUTPUT"
Use normal workspace/output paths, avoid overwriting important files, and ensure rsvg-convert is a trusted system binary.
The skill may fail unless rsvg-convert is already installed, and users may need to verify the system-provided converter themselves.
The documentation discloses reliance on rsvg-convert, while the registry requirements list no required binaries and there is no install spec. This is a metadata/dependency declaration gap, not hidden behavior.
Confirm `rsvg-convert` is installed: `which rsvg-convert`
Declare rsvg-convert as a required binary in metadata and use a trusted OS package source if installing it.
If the agent has messaging tools available, it may use this skill as part of sending the generated image externally.
The workflow suggests sharing the generated image through external messaging channels. This is consistent with delivering artwork, but channel/recipient choice should remain user-directed.
Send via the appropriate channel (DingTalk, Telegram, etc.)
Confirm the destination and recipient before sending generated images through third-party channels.