bg-remove Security Report — Trusted | ClawSafe

5 /100

bg-remove

图片智能去背景工具，使用 AI 模型自动识别并移除图片背景

A legitimate image background removal tool using the rembg library with no suspicious or malicious behavior detected.

Skill Namebg-remove

Duration26.8s

Enginepi

✓

Safe to install

Skill is safe for use. Consider pinning specific versions of rembg and pillow in dependencies for better reproducibility.

Findings 1 items

Severity	Finding	Location
Low	Unpinned Dependencies Supply Chain Dependencies rembg and pillow are not version-pinned, which could lead to unexpected behavior if major versions change `dependencies: { pip: ["rembg", "pillow"] }` → Pin specific versions like "rembg>=2.0.0,<3.0.0" and "pillow>=10.0.0,<11.0.0"	`SKILL.md:89`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`READ`	✓ Aligned	SKILL.md declares file:read, code reads input images at lines 52-58
Filesystem	`WRITE`	`WRITE`	✓ Aligned	SKILL.md declares file:write, code writes output at lines 61-63
Network	`NONE`	`NONE`	—	No network requests in script
Shell	`NONE`	`NONE`	—	No subprocess or shell execution
Environment	`NONE`	`NONE`	—	No os.environ access
Database	`NONE`	`NONE`	—	No database access

3 files · 9.9 KB · 369 lines

Python 1f · 260L Markdown 1f · 90L JSON 1f · 19L

├─ ▾ 📁 scripts

│ └─ 🐍 bg-remove.py Python 260L · 7.0 KB

├─ 📋 _meta.json JSON 19L · 639 B

└─ 📝 SKILL.md Markdown 90L · 2.3 KB

Package	Version	Source	Known Vulns	Notes
`rembg`	`*`	pip	No	Version not pinned
`pillow`	`*`	pip	No	Version not pinned

✓ No shell execution or subprocess usage

✓ No credential harvesting or environment variable access

✓ No network requests or data exfiltration

✓ No obfuscation or base64-encoded payloads

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)

✓ Clear documentation matching actual implementation

✓ Uses legitimate and well-known image processing libraries (rembg, PIL/Pillow)

✓ File operations are limited to declared input/output paths only