Back to skill
Skillv1.0.0
ClawScan security
Image Quality Filter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 5, 2026, 10:35 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code and instructions match its stated purpose: it analyzes local images for blur/brightness/resolution and can list, move, or delete them; it does not request credentials or perform network activity.
- Guidance
- This skill appears coherent and works locally on image files. Before using it: (1) run it in 'list' mode first to review results; (2) back up your dataset or test on a small subset before using 'move' or 'delete'; (3) note that blur detection requires OpenCV—if cv2 is not installed the script will skip blur checks; and (4) because move operations do not prompt, be cautious when specifying the output directory. There are no network calls or credential requests in the code.
Review Dimensions
- Purpose & Capability
- okName/description, SKILL.md, and the included Python script are consistent: all required functionality (blur via Laplacian, brightness, resolution, batch actions) is implemented and no unrelated capabilities (cloud access, unrelated binaries) are requested.
- Instruction Scope
- okRuntime instructions only invoke the included script on a user-specified directory. The script reads local image files and can list/move/delete them; it does not reference other system paths, environment variables, or external endpoints. Note: the delete action prompts for confirmation, while move does not.
- Install Mechanism
- okNo install spec is present (instruction-only), and the README's pip dependency list (Pillow, numpy, opencv-python) is proportional and expected for image analysis. Nothing is downloaded from arbitrary URLs.
- Credentials
- okThe skill declares no environment variables or credentials. The code does not access secrets or external service tokens.
- Persistence & Privilege
- okThe skill is not always-enabled and does not modify other skills or system-wide agent settings. It runs only when invoked and has no mechanisms for persistent background presence.