v1.0.4

Watermark Pro

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:20 AM.

Analysis

This looks like a local watermarking helper with no credential or network behavior, but it edits user-selected files and relies on unpinned Python packages.

Guidance: Before installing, be comfortable with the listed Python packages and run the watermarking on copies of important files. Use explicit output paths, check Word headers after processing, and do not assume local processing means the documents themselves are non-sensitive.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low, Confidence: High, Status: Note
SKILL.md
for para in header.paragraphs: para.clear() ... doc.save(output_path)

The Word watermark code clears existing header paragraphs before saving the output, which is a local file mutation users may not expect when simply adding a watermark.

User impact: Watermarked Word outputs could lose existing header text, logos, or page-number content, especially if the output path overwrites the original file.
Recommendation: Use copies or distinct output paths, and preserve or merge existing headers when adapting the Word watermark logic.
Tool Misuse and Exploitation
Severity: Low, Confidence: High, Status: Note
SKILL.md
temp_img = os.path.join(os.path.dirname(output_path), '_temp_wm.png') ... wm_img.save(temp_img) ... os.remove(temp_img)

The PDF watermark path writes a fixed-name temporary PNG in the output directory; this is scoped and local, but could overwrite an existing file with that name or leave a temp file if processing fails.

User impact: A file named _temp_wm.png in the chosen output directory could be replaced during PDF processing.
Recommendation: Use a unique temporary filename or a safe temporary directory, and avoid running it in directories where _temp_wm.png is important.
Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: High, Status: Note
SKILL.md
dependencies: "pip install pillow python-docx python-pptx pymupdf"

The skill depends on third-party Python packages without pinned versions; these libraries are expected for the stated purpose, but dependency provenance and reproducibility are not locked.

User impact: Installing later package versions could change behavior or introduce dependency risk.
Recommendation: Install from trusted package indexes and consider pinning known-good versions before using the skill.
Human-Agent Trust Exploitation
Severity: Info, Confidence: High, Status: Note
SKILL.md
- Purely local processing, no privacy risk

The artifacts support local processing and show no network calls, but the phrase 'no privacy risk' is an absolute assurance; local documents can still contain sensitive information and outputs need careful handling.

User impact: Users might underestimate the sensitivity of documents being opened and rewritten locally.
Recommendation: Treat input and output documents as private data even when processing is local.