Skill v0.1.0
ClawScan security
object_counter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign, Apr 14, 2026, 11:33 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and instructions are internally consistent with its stated purpose (local template-based object counting); it doesn't request secrets, network access, or unusual installs, though it omits declaring normal Python dependencies.
- Guidance: This skill appears to do what it says: local template-based object counting. Before installing or running it: 1) Review and run the script in a disposable/virtualenv environment; install required Python packages (opencv-python, numpy) yourself rather than assuming they're present. 2) Use non-sensitive local images for testing—the script processes files locally and does not transmit data, but confirm your agent/environment's filesystem permissions. 3) Note template matching has limits (false positives/negatives) and the CLI includes unused choices (denoise, super_resolution) — benign but sloppy. 4) If you plan to let an autonomous agent invoke this skill, ensure the agent's access to local directories is restricted to the image folders you intend to process.
Review Dimensions
- Purpose & Capability (note): The name/description match the implementation: the included Python script performs template-matching-based object counting. Minor oddity: the CLI lists additional tools (denoise, super_resolution) as choices but only 'count' is implemented; this is likely a leftover and not a functional mismatch.
- Instruction Scope (ok): SKILL.md instructs running the bundled script on local image files with CLI flags. The instructions do not ask the agent to read unrelated files, environment variables, or send data externally. The runtime behavior is limited to local image processing.
- Install Mechanism (note): There is no install spec (instruction-only), so nothing is written to disk by an installer. However, the script depends on Python packages (cv2/OpenCV and numpy) that are not declared; users will need to install these in their environment (e.g., via pip).
- Credentials (ok): The skill requires no environment variables, credentials, or config paths. There is no request for sensitive data or unrelated service credentials.
- Persistence & Privilege (ok): The skill is not always-enabled, does not modify other skills or system config, and contains no code to persist credentials or enable itself. It runs on-demand and does not request elevated privileges.
