ClawHub

File Compression

v1.0.1

Compress files to reduce storage and transfer size. Use this skill when users ask to shrink PDFs or images, optimize upload/share size, or balance quality an...

2· 426·3 current·3 all-time
by@hexavi8
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actual behavior: scripts implement PDF and image compression using Ghostscript, pikepdf, Pillow, and Sharp. Required binaries (python3, node, gs) and included dependencies are appropriate for the stated purpose. Minor inconsistency: metadata/registry lists a 'primary credential' as 'python' (and SKILL.md shows primaryEnv: 'python'), which is not a standard credential name and is unnecessary for this skill.
Instruction Scope
SKILL.md instructions are narrowly scoped to checking/installing dependencies and running the included compression scripts. The scripts operate on user-supplied input/output paths, create temporary dirs, and call local binaries; they do not reference unrelated system paths, secrets, or external network endpoints. The instructions explicitly require telling the user before running installs and showing commands, improving transparency.
Install Mechanism
There is no automatic arbitrary download/install from unknown hosts; dependencies are standard PyPI (requirements.txt) and npm (package.json) packages and system Ghostscript. The skill asks the agent to run 'pip install -r requirements.txt' and 'npm install', which is a normal, low-risk install pattern. Note: npm packages (and some Python packages) may execute code during install via lifecycle/build scripts—this is a normal supply-chain risk to be aware of.
Credentials
The skill declares no required environment variables and requests only local binaries, which is proportionate. The only oddity is the 'primary credential'/'primaryEnv' set to 'python'—there are no credentials needed for compression and no env vars used by the scripts; this metadata entry appears unnecessary or mis-specified.
Persistence & Privilege
The skill is not always-enabled and does not request permanent system/agent configuration changes. It runs as a user-invoked tool and does not modify other skills or global settings.
Assessment
This skill appears to do exactly what it says: compress PDFs/images locally using Ghostscript, pikepdf/Pillow, and Sharp as a Node fallback. Before installing or running: (1) Confirm you trust the PyPI and npm packages listed (pikepdf, pillow, sharp) because 'pip install' and 'npm install' can run package install/build scripts; review package source or lock versions if concerned. (2) Ensure Ghostscript is installed from your OS package manager. (3) The metadata's 'primary credential: python' is meaningless for operation and can be ignored. (4) The scripts operate on files you point them at—avoid running on sensitive system files or giving the skill paths to secrets. If you want extra caution, run the install and scripts in a sandbox/container or inspect the included files (they are small and readable) before executing.

Like a lobster shell, security has layers — review code before you run it.

latestvk971h8xp3s2v445v2kgdfs688981tqvz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3, node, gs
Primary envpython

Comments