Trusted: risk score 5/100
Last scanned: 18 hours ago
bg-remove
Intelligent image background removal tool that uses an AI model to automatically detect and remove image backgrounds
A legitimate image background removal tool using the rembg library with no suspicious or malicious behavior detected.
Skill name: bg-remove
Analysis time: 26.8s
Engine: pi
OK to install
Skill is safe for use. Consider pinning specific versions of rembg and pillow in dependencies for better reproducibility.

Security findings: 1

Severity: Low
Finding: Unpinned Dependencies (Supply chain)
Dependencies rembg and pillow are not version-pinned, which could lead to unexpected behavior if major versions change
dependencies: { pip: ["rembg", "pillow"] }
→ Pin specific versions like "rembg>=2.0.0,<3.0.0" and "pillow>=10.0.0,<11.0.0"
Location: SKILL.md:89
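| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| File system | READ | READ | ✓ Consistent | SKILL.md declares file:read, code reads input images at lines 52-58 |
| File system | WRITE | WRITE | ✓ Consistent | SKILL.md declares file:write, code writes output at lines 61-63 |
| Network access | NONE | NONE | | No network requests in script |
| Command execution | NONE | NONE | | No subprocess or shell execution |
| Environment variables | NONE | NONE | | No os.environ access |
| Database | NONE | NONE | | No database access |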

Directory structure

3 files · 9.9 KB · 369 lines
Python 1f · 260L Markdown 1f · 90L JSON 1f · 19L
├─ 📁 scripts
│ └─ 🐍 bg-remove.py Python 260L · 7.0 KB
├─ 📋 _meta.json JSON 19L · 639 B
└─ 📝 SKILL.md Markdown 90L · 2.3 KB

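Dependency analysis: 2 items

| Package | Version | Source | Known vulnerabilities | Notes |
| --- | --- | --- | --- | --- |
| rembg | * | pip | | Version not pinned |
| pillow | * | pip | | Version not pinned |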

Security highlights

✓ No shell execution or subprocess usage
✓ No credential harvesting or environment variable access
✓ No network requests or data exfiltration
✓ No obfuscation or base64-encoded payloads
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ Clear documentation matching actual implementation
✓ Uses legitimate and well-known image processing libraries (rembg, PIL/Pillow)
✓ File operations are limited to declared input/output paths only