Skillv0.1.0

ClawScan security

Remove Watermark · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 12, 2026, 2:04 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill does what it says — local image processing to remove light watermarks — and its code and instructions are consistent with that purpose; there are no requests for credentials, no network calls, and no opaque installers.
Guidance: This skill appears internally consistent and purely local, but take these practical precautions before use: 1) Run it on copies of your images (it may whiten pixels or irreversibly alter text if parameters are aggressive). 2) Ensure Pillow/numpy (and scipy for full mode) are available in a controlled environment or virtualenv; the SKILL.md's 'uv run --with ...' is just a runtime helper and platform-specific. 3) The agent will 'read' images during the Visual Analysis step — avoid feeding sensitive or confidential documents if you don't want their contents exposed to the model. 4) Confirm output locations before running: the script creates a sibling directory like <input_dir>_clean by default, which may place files outside the input directory. 5) Legal/ethical: removing watermarks can violate copyrights or institutional rules (e.g., exam papers). Only use for legitimate purposes. If you need higher assurance, review the script locally (it's included) and run it in a sandboxed environment.

Review Dimensions

Purpose & Capability: okThe name/description (remove watermarks from white-background document images) matches the included script and SKILL.md. Required dependencies (Pillow, numpy, optional scipy) are appropriate for image processing. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope: okRuntime instructions limit actions to: visually inspect an image via the agent's Read tool, run the bundled script to analyze/remove watermarks, and verify results. The SKILL.md does ask the agent to 'read' sample images (expected) and to retry up to 3 times with adjusted parameters. It does not instruct reading unrelated files, system state, or sending data to external endpoints.
Install Mechanism: okThis is instruction-only with an included Python script; there is no network installer or archive download. The SKILL.md recommends invoking via 'uv run --with Pillow --with numpy [--with scipy]' to ensure dependencies — that is a convenience for the runtime environment, not an external installer. No suspicious URLs or extraction steps are present.
Credentials: okThe skill requests no environment variables, secrets, or privileged config paths. The code only accesses image files/directories supplied by the user and writes cleaned outputs; this is proportionate to the stated function.
Persistence & Privilege: okThe skill is not set as always:true and does not request persistent system-wide privileges or modify other skills. It runs on demand and does not attempt to alter agent configuration or install persistent services.