Segment Anything
Pass. Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: segment-anything
Version: 1.0.0
The skill bundle provides image segmentation using Meta's Segment Anything Model (SAM). It is classified as suspicious because scripts/segment.py uses os.system to automatically execute a 'pip install' from a remote Git repository and urllib.request to download large binary model weights (up to 2.5GB) from dl.fbaipublicfiles.com to the user's home directory (~/.cache/sam). While these actions are aligned with the stated purpose, the use of shell execution for package installation and the automatic downloading of large remote assets are high-risk behaviors that bypass standard package management and can lead to unintended side effects or supply chain risks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
First use may fetch and install code from GitHub, so the exact installed code could change over time.
If the SAM Python package is missing, the script installs it from GitHub at runtime without a pinned commit or version. This is purpose-aligned and disclosed, but it is still a supply-chain point users should notice.
os.system("pip install git+https://github.com/facebookresearch/segment-anything.git -q")
Install a reviewed or pinned version of segment_anything yourself before use if reproducibility or supply-chain control matters.
The skill may download hundreds of MB to several GB of model data from an external host on first use.
The script automatically downloads SAM checkpoint files from fixed external URLs into ~/.cache/sam when they are not already present. This matches the documented model workflow, but the artifacts do not show checksum verification.
urllib.request.urlretrieve(url, path, reporthook=...)
Use the --checkpoint option with a locally verified model file if you need stronger control over downloaded model artifacts.
