Back to skill
Skillv1.0.0
ClawScan security
cli-anything-gimp · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
ReviewMar 15, 2026, 3:11 AM
- Verdict
- Review
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's instructions match a GIMP CLI wrapper, but it asks the agent to install/run local Python code from an unverified ~/.openclaw workspace (pip install -e .) while providing no install source or package provenance—this could cause execution of arbitrary code.
- Guidance
- This skill appears to be a CLI wrapper for GIMP, but its SKILL.md tells you to pip-install code from a local workspace path (~/.openclaw/workspace/CLI-Anything/...). Before installing or running: (1) verify the contents and origin of ~/.openclaw/workspace/CLI-Anything/gimp/agent-harness — don't run pip install -e . on unknown code, (2) prefer a published package (PyPI or an official GitHub release) or request the author to provide a safe install spec, (3) run installs in an isolated environment (container or throwaway VM) if you must test, (4) ensure GIMP is the intended target and that no unexpected network or filesystem access occurs. If the publisher/source can be provided (homepage, repo, signed release), the assessment could be upgraded to benign.
Review Dimensions
- Purpose & Capability
- noteName/description claim a CLI wrapper for GIMP and the SKILL.md documents commands that match that purpose. However the skill does not declare the required binary 'cli-anything-gimp' or an install source; instead it assumes a local repo at ~/.openclaw/workspace/CLI-Anything/gimp/agent-harness. That implicit dependency is unexpected for an instruction-only skill.
- Instruction Scope
- concernThe instructions tell the agent to activate a virtualenv and run pip install (including pip install -e . in a local path). That can execute arbitrary local code and modifies the runtime environment. The SKILL.md also hardcodes paths under ~/.openclaw, assuming files exist there, which grants the skill broad discretion to run code from the user's workspace.
- Install Mechanism
- concernThere is no formal install spec in the registry. Instead, the runtime instructions instruct direct pip installs (click, numpy, Pillow, prompt-toolkit) and a local editable install (pip install -e .) from a repo path. Installing/editing local packages via pip can run arbitrary setup/build scripts; without a trustworthy source (PyPI/GitHub release) this is risky.
- Credentials
- okThe skill does not request environment variables, credentials, or config paths beyond using a path under the agent workspace (~/.openclaw). No secrets or unrelated service tokens are requested.
- Persistence & Privilege
- okalways is false and there are no indications the skill attempts to persistently modify other skills or system-wide agent settings. It does instruct creating/using a venv under ~/.openclaw, which is limited to the agent workspace.