Back to skill
Skillv1.0.0
ClawScan security
Image Edit Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 9, 2026, 7:05 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, docs, and runtime instructions are consistent with an image-editing Pillow (PIL) toolset and do not request unrelated credentials or perform unexpected network or privileged operations.
- Guidance
- This package appears to be a straightforward Pillow-based image processing toolset: it edits and analyzes images and writes output files. Before installing or running, confirm you trust the skill owner (no homepage provided), run the scripts in a safe/test folder (to avoid accidental overwrite), and install dependencies in a virtual environment (pip install -r requirements.txt). Note that requirements.txt includes openpyxl although the code doesn't use it — harmless but unexpected. If you'll process sensitive images, review the scripts yourself to ensure they don't transmit files or call external services (none do here).
Review Dimensions
- Purpose & Capability
- okName/description (Pillow-based image editing, batch processing, watermarking, info extraction) matches the included scripts and documentation. The provided scripts implement the listed features (image_editor, batch_processor, watermark, image_info).
- Instruction Scope
- okSKILL.md instructs running the local Python scripts with file-path arguments and documents options; it does not ask the agent to read unrelated system files, access environment variables, or send data to external endpoints.
- Install Mechanism
- okThere is no install spec (instruction-only skill). Code files are included but no external installers or downloads are invoked by the skill itself, which minimizes install-time risk.
- Credentials
- noteThe skill requests no environment variables or credentials. Minor note: requirements.txt lists 'openpyxl' though I found no code using it — likely harmless but unnecessary.
- Persistence & Privilege
- okalways is false and the skill does not request persistent system-wide configuration or modify other skills. Agent-autonomous invocation is allowed (platform default) but the skill's behavior is limited to local file processing when invoked.