Skill v2.4.0

ClawScan security

Image Paginator(律师证据长截图转PDF) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 17, 2026, 9:40 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, runtime instructions, and install steps are consistent with an image-to-paginated-PDF utility and do not request unrelated credentials or hidden network access.
Guidance
This appears to be a straightforward image-to-PDF utility. Before installing:
1) Confirm you trust the GitHub repo owner (install.sh fetches a ZIP from github.com/wux818738-alt).
2) Prefer installing into a virtualenv (pip3 install fpdf2 Pillow) to avoid altering global Python packages.
3) The installer will remove any existing ~/.qclaw/skills/image-paginator directory; back up if needed.
4) The script writes temporary images under the destination '_tiles' folder and temp JPEGs to the system temp dir; using --clean removes intermediate tiles, otherwise they remain.
5) SKILL.md instructs the agent to run 'open <path>' (macOS); on other OSes this may fail or have different privacy/behavior, so be cautious if you run the skill on a remote server.
6) If you have concerns, review the included Python file (scripts/slice_n_pdf.py) yourself or run the script in an isolated environment.
Note: the manifest version in SKILL.md (v2.1) differs from the registry version (2.4.0). This is likely not malicious, but worth confirming you have the intended release.

Review Dimensions

Purpose & Capability
ok: The name/description (slice long screenshots into paginated PDF) matches the included Python script and example usage. The install script and SKILL.md request only what is needed (Pillow, fpdf2, a GitHub zip) and files are placed under ~/.qclaw/skills/image-paginator. No unrelated binaries or credentials are requested.
Instruction Scope
note: Runtime instructions stay within the stated purpose (tile images, build PDF). Minor scope issues: the SKILL.md tells the agent to always run 'open <path>' (macOS-specific) and to 'Always use --clean'. These are operational preferences rather than security risks, but they are platform-specific and may not apply on Linux/Windows. The guardrail 'DO NOT try to read the output PDF' is reasonable. The SKILL.md also asks the agent to resolve paths to absolute, which is expected for file operations.
Install Mechanism
ok: Install.sh downloads a GitHub-hosted zip (github.com/wux818738-alt), unpacks to ~/.qclaw/skills/, and installs Python packages via pip. This is a common install pattern; the ZIP source is a GitHub repo rather than an unknown personal IP/shortener. It does install Python packages globally unless the user uses a virtualenv; this is typical but should be noted.
Credentials
ok: The skill declares no required environment variables, no credentials, and does not access system config paths beyond writing its own skill directory and temporary files. This is proportionate to its purpose.
Persistence & Privilege
ok: always:false and no special privileges are requested. The installer writes to the skill directory under the user's home and removes old versions; this is normal for an installed skill. The skill does not modify other skills or global system config.