Skill v1.0.0

ClawScan security

Image magic resizer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 9:03 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
This skill is internally consistent: it is a small Bash wrapper around ImageMagick to resize images and only requires the ImageMagick CLI that it documents and installs.
Guidance
This skill appears to do exactly what it says: run ImageMagick to resize a file. Before installing, review and accept that it will run the ImageMagick binary on any file you pass to it. Important cautions: ImageMagick has historically had vulnerabilities (e.g., "ImageTragick") when processing untrusted or maliciously crafted images — keep ImageMagick up to date and consider hardening its policy.xml if you will process files from untrusted sources. The provided script is simple and readable; if you plan to use it in automation, run it with least privilege and test on benign images first. If you have any additional environment or deployment constraints (e.g., no Homebrew on your host), confirm the install step matches your environment.

Review Dimensions

Purpose & Capability
ok
Name/description match the code and install: the script simply calls ImageMagick (magick/convert) to resize images; the brew install of imagemagick is appropriate and proportional.
Instruction Scope
ok
SKILL.md and the entrypoint are narrowly scoped to running the resize script. The instructions do not read unrelated files, environment variables, or send data to external endpoints; the script only reads the input file and writes the output file.
Install Mechanism
ok
Install uses a standard Homebrew formula (imagemagick) which is an expected and low-risk way to obtain the required binaries. No arbitrary downloads or extraction from untrusted URLs are used.
Credentials
ok
No credentials, environment variables, or config paths are requested. The required binaries listed (bash, magick/convert) are proportional to the stated purpose.
Persistence & Privilege
ok
The skill is user-invocable and not forced-always; it does not request persistent elevated privileges or modify other skills' configs. Autonomous invocation is allowed (platform default) but not excessive here.