Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Dpi Upscaler Checker

v0.1.0

Check image DPI and intelligently upscale low-resolution images using super-resolution

by AIpoch (@aipoch-ai)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description align with included code: DPIChecker and ImageUpscaler implement DPI measurement and local upscaling using PIL/OpenCV/Real-ESRGAN. No unrelated credentials, binaries, or services are requested.
Instruction Scope
SKILL.md instructs running scripts/main.py for check/upscale which reads input files and writes output files—expected for this tool. However, SKILL.md claims 'preserves original EXIF information' but the shown save() call does not pass EXIF data back into the output image (no exif=... passed), so that claim is inconsistent with code. The checklist mentions path traversal protection, but the code does not show explicit input path sanitization; it will recurse and read any files under the provided input path and write to the output path. No network endpoints or secret access are present in the visible code.
Install Mechanism
There is no install specification (instruction-only), which is lower risk. A requirements.txt is included but not automatically applied; it contains duplicate/incorrect entries (e.g., both 'pil' and 'pillow', 'cv2' and 'opencv-python'), which is sloppy but not directly malicious. The code references model files (e.g., EDSR_x{scale}.pb) and Real-ESRGAN but offers no automated download—user must supply models.
Credentials
The skill requires no environment variables, no credentials, and no special system-wide config. Requested access (filesystem read/write of provided paths) is proportionate to its stated functionality.
Persistence & Privilege
always is false, the skill does not request persistent agent privileges, and there's no evidence it modifies other skills or global agent settings in the visible code.
What to consider before installing
This skill appears to implement DPI checks and local upscaling, but before installing or running it consider the following:
- EXIF claim mismatch: The README says it preserves EXIF, but the visible code saves images without re-attaching EXIF data. If preserving metadata matters, inspect/modify the script to pass exif=img.info.get('exif') when saving.
- Path safety: The script will recurse and read any files under the supplied input path and write to the supplied output path. Provide explicit, sandboxed input/output directories and avoid running against system or home directories. Test on sample data first.
- Model files: The code references optional model files (Real-ESRGAN, EDSR .pb). There is no automatic download—obtain trusted model binaries separately and verify checksums.
- Dependencies: requirements.txt has duplicate/incorrect entries. Install dependencies in an isolated virtualenv before running.
- Truncated file / unknown remainder: The provided main.py snippet is truncated; review the complete script to ensure there are no hidden network calls, telemetry, or unexpected behavior before trusting it with important data.

Best practice: run the script in a sandboxed environment (non-root user, container or VM), back up originals, and review/modify the code for EXIF and path-validation fixes if you plan to use it on sensitive files.

Like a lobster shell, security has layers — review code before you run it.
