SVG to Image

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: svg-to-image
Version: 1.1.1

The skill is classified as suspicious due to its use of the high-risk `shell:exec` permission and instructions in `SKILL.md` that constitute a prompt injection against the agent, telling it to 'run the script directly' and 'Do not ask for confirmation'. While the script `scripts/convert_svg.py` itself appears to perform its stated function without explicit malicious code (e.g., no data exfiltration, network calls, or persistence mechanisms), processing user-supplied file paths and SVG content carries inherent vulnerabilities like potential path traversal or resource exhaustion. The prompt injection aims to streamline the intended (benign) operation, not to hide malicious activity, but it bypasses agent safeguards.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

When you ask for a conversion, the agent may run the local Python script and create an output image without an extra confirmation step.

Why it was flagged

The skill asks the agent to use shell execution and write an output file. This is expected for a local converter, but users should notice that conversion is performed automatically when requested.

Skill content

permissions:
  - shell:exec
...
When the user asks to convert an SVG to PNG or JPG ... run the script directly with `exec` ... Do not ask for confirmation; execute and return the image.

Recommendation

Use it for SVG files and output paths you intend to process; keep outputs in the recommended media or temporary directories.

What this means

Installing dependencies later may fetch newer package versions than the author tested.

Why it was flagged

The skill depends on external Python packages without version pins. These dependencies are appropriate for SVG-to-image conversion, but unpinned packages can change over time.

Skill content

cairosvg
Pillow

Recommendation

Install dependencies from trusted package indexes, and consider pinning versions if you need reproducible or controlled environments.