Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Bg Remove
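v1.0.0
Intelligently detects and removes image backgrounds, supports batch processing across multiple formats, and outputs PNG files with a transparency (alpha) channel, using either a local or a cloud model.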
by @sxliuyu
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, script, and metadata consistently describe a local image background-removal tool using rembg/Pillow. However, SKILL.md and descriptions mention support for 'cloud models' and list onnxruntime as a dependency while _meta.json and the script only declare rembg and pillow. The script exposes model choices including 'RMBG-1.4' but contains no explicit logic for selecting a remote/cloud endpoint. This is a minor mismatch between claimed capabilities (cloud option, onnxruntime) and what the package actually implements.
Instruction Scope
SKILL.md and the Python script are focused on reading image files and writing PNG outputs. The runtime instructions and code only reference input/output paths and do not read environment variables, unrelated local files, or system secrets. No instructions direct data to external endpoints. The SKILL.md is fairly specific and does not grant broad discretionary access.
Install Mechanism
There is no install spec (instruction-only with an included script), so nothing is automatically written by a platform installer. SKILL.md and the script indicate that required Python packages must be installed and that '首次使用会自动下载模型文件' (first use will auto-download model files). That implies network activity to fetch model weights at runtime (handled by rembg or related libs), which is expected for model-based tools but is an implicit operation you should be aware of. No install URLs or arbitrary archives are included.
Credentials
The skill requests no environment variables, no credentials, and only file read/write permissions which are required for image processing. The number and type of permissions are proportionate to the stated purpose.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform persistence. It does not attempt to modify other skills or system-wide configuration. Autonomous invocation is allowed (platform default) but not combined here with other concerning privileges.
What to consider before installing
This skill's code matches its purpose: local image background removal using rembg and Pillow. Before installing or running it, consider: (1) rembg (or its dependencies) may automatically download model weights from the internet on first run — if you need to control network access or trust the model source, run in a sandbox or pre-download vetted model files; (2) SKILL.md mentions onnxruntime and 'cloud models' but the package metadata and script don't implement cloud endpoints or declare onnxruntime as a dependency — if you rely on those features, ask the author for clarification or verify behavior; (3) install dependencies in a virtualenv and inspect where models are downloaded from (rembg documentation) to confirm you are comfortable with the remote hosts. If you are unsure about automatic downloads or running third-party Python packages, test the skill on non-sensitive images in an isolated environment first.
Like a lobster shell, security has layers — review code before you run it.
