Skill v1.0.0

ClawScan security

Annotation Visualizer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 5, 2026, 10:44 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent: it only reads local annotation/image files, draws boxes, and writes output images; it asks for no credentials, has no install script, and its instructions match the included code.
Guidance
This skill appears coherent and limited to local image/annotation visualization. Before installing or running: 1) review the included script if you want to confirm behavior (it only reads files you point it at and writes output images); 2) run it in a sandbox or with non-sensitive images if you have policy concerns; 3) ensure pillow is installed (pip install pillow) and that input paths are correct. Minor notes: the script swallows some exceptions silently and defaults class names/IDs in simple ways, so check output for correctness on your datasets.

Review Dimensions

Purpose & Capability
ok: Name/description (annotation visualization) matches the files and declared behavior. The included script implements YOLO/COCO/VOC/LabelMe parsing and image drawing, which is appropriate for the stated purpose.
Instruction Scope
ok: SKILL.md instructs running the included script with local image/annotation paths and options. The runtime instructions and the script only read specified image/annotation directories and write output images; they do not request unrelated files, environment variables, or network endpoints.
Install Mechanism
ok: No install spec; SKILL.md suggests installing pillow via pip, which is proportional to drawing images. There are no downloads from external URLs or archive extraction steps.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. The code does not read environment variables or secret files; requested resources are local image/annotation files as expected.
Persistence & Privilege
ok: The skill is not always-enabled and does not request persistent platform privileges. It does not modify other skills or system-wide configurations.