v1.3.0

IG Cropper

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:46 AM.

Analysis

This is a coherent local image-cropping skill with no evidence of exfiltration, credential use, persistence, or hidden behavior.

GuidanceThis skill appears safe for its stated purpose. Use it on screenshots you intend to process, choose the output path carefully to avoid overwriting files, and install Pillow only from a trusted source.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

SKILL.md

Pillow (`pip install pillow`)

The skill asks the user to install an external Python package without pinning a version. This is expected for an image-processing script, but it is still a supply-chain point users should notice.

User impactInstalling dependencies from the wrong source or in a shared environment could expose the user to package-management risks.

RecommendationInstall Pillow from the official Python package index or a trusted mirror, preferably in a virtual environment, and avoid running the script with elevated privileges.