ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Segment Anything

v1.0.0

使用 SAM(Segment Anything Model)去除图像背景,将前景主体提取为透明 PNG。适用于去除背景、抠图、提取前景主体或图像分割等需求。

0· 160·1 current·1 all-time
by@scikkk
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (SAM-based background removal) matches the included script and requested packages (Pillow, numpy, torch, torchvision). The script downloads official SAM checkpoints and optionally installs the segment_anything package — all actions are coherent with the stated functionality.
Instruction Scope
SKILL.md instructs running the included script and explains behavior (prompt points, cache path ~/.cache/sam, automatic checkpoint download). Instructions do not ask to read unrelated files or exfiltrate data, but the runtime will auto-install the segment_anything package if missing and download large model weights.
Install Mechanism
Install spec lists PyPI packages (pillow, numpy, torch, torchvision) which are expected. The script also runs pip install git+https://github.com/facebookresearch/segment-anything.git at runtime if needed. Model checkpoints are downloaded from dl.fbaipublicfiles.com (Facebook's public host) — no suspicious shorteners or private domains.
Credentials
No environment variables, credentials, or config paths are requested. The script only writes to an application cache directory (~/.cache/sam) and the output locations provided by the user.
Persistence & Privilege
The skill does not request always:true and is user-invocable. It will install Python packages into the running environment and persist model files under ~/.cache/sam; this modifies the local environment but is expected for ML model usage.
Assessment
This skill appears to do what it claims. Before installing, consider: (1) model weights can be large (vit_h ~2.5GB) — ensure you have bandwidth and disk space; (2) it will install Python packages (torch, torchvision, and may pip-install the segment_anything repo) which run code on your machine — if you run in a shared/production environment, prefer reviewing the segment_anything repository or running inside a contained environment (virtualenv/container); (3) downloads occur from GitHub and dl.fbaipublicfiles.com (official hosts), so network access is required; (4) no credentials are requested. If any of these behaviors are unacceptable, do not install or run without isolation.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f5bmpz6f034xst4ajryrhms82xh3d

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3

Install

uvuv tool install pillow
uvuv tool install numpy
uvuv tool install torch
uvuv tool install torchvision

Comments