Skill v1.0.2
ClawScan security
Image Processing Toolkit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 18, 2026, 10:33 AM
- Verdict: Benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and runtime instructions match its stated purpose (local image conversion, compression, resizing, PDF export); nothing appears to try to access external services or request unrelated credentials, though there are a few minor oddities to be aware of before installing.
- Guidance: This skill appears to do exactly what it claims: local image conversion, compression, resizing, batch operations and image→PDF using Pillow and img2pdf. Before installing: (1) run installation commands inside an isolated Python virtual environment as the SKILL.md recommends; (2) be aware that scripts/selftest.py will create a 'tmp' directory outside the skill folder (WORK path uses ROOT.parent.parent) — run it only if you are comfortable with that; (3) the README suggests using an auxiliary tool 'uv' (e.g. 'uv venv') which is not declared as required — you can ignore those lines and use python -m venv / pip instead; (4) inspect the scripts if you will run them on sensitive directories (they write new files by default, can overwrite with --overwrite); (5) there are no network calls or credential requests in the code, so the main risk is accidental local file modification rather than exfiltration. If you want more assurance, run the selftest and operations in a disposable sandbox or container first.
Review Dimensions
- Purpose & Capability (ok): The name/description (local image processing) aligns with the included Python scripts (convert, compress, resize, batch, to_pdf, utilities). Required packages (Pillow, img2pdf) are appropriate for the stated functionality and no unrelated credentials or binaries are requested.
- Instruction Scope (note): SKILL.md instructions are focused on installing dependencies in a virtualenv and running the local scripts; the scripts operate only on files/paths supplied by the user. Two minor scope notes: (1) the README uses a tool invocation 'uv venv' / 'uv pip' (an undocumented wrapper) — an alternative venv workflow is provided but 'uv' is not declared as a required binary; (2) scripts/selftest.py seeds test images and writes to a WORK directory computed as ROOT.parent.parent / 'tmp' / ... which is outside the skill directory and may create files outside the repo when run. These are sloppy but not evidence of exfiltration.
- Install Mechanism (ok): No automated install step is declared; the skill is instruction-first and includes a standard requirements.txt (Pillow, img2pdf). There are no suspicious download URLs or archive extraction steps.
- Credentials (ok): The skill requests no environment variables, no credentials, and no config paths. All environment/credential access is proportional to a local image-processing tool.
- Persistence & Privilege (ok): The skill is not always-enabled, does not request elevated agent privileges, and does not modify other skills or system-wide configs. Its runtime behavior is limited to local filesystem operations.
