image-compress Security Report — Trusted | ClawSafe

5 /100

image-compress

Cross-platform image compression tool based on sharp, supporting format conversion and batch processing

A legitimate image compression skill using sharp with no malicious behavior detected. All scripts perform documented image processing tasks.

Skill Nameimage-compress

Duration35.3s

Enginepi

✓

Safe to install

This skill is safe to use. No security concerns identified.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`READ`	✓ Aligned	compress.js reads user-specified image files
Filesystem	`WRITE`	`WRITE`	✓ Aligned	compress.js writes compressed images to ~/Downloads/compressed-images/
Shell	`NONE`	`READ`	✓ Aligned	detect-env.js and install.js use execSync for version checks and npm install - l…
Network	`NONE`	`NONE`	—	No network requests made by the skill

10 findings

🔗

Medium External URL 外部 URL

https://img.shields.io/badge/License-MIT-yellow.svg

README.md:3

🔗

Medium External URL 外部 URL

https://opensource.org/licenses/MIT

README.md:3

🔗

Medium External URL 外部 URL

https://img.shields.io/badge/OpenClaw-Skill-blue

README.md:4

🔗

Medium External URL 外部 URL

https://openclaw.ai

README.md:4

🔗

Medium External URL 外部 URL

https://img.shields.io/badge/Powered%20by-sharp-brightgreen

README.md:5

🔗

Medium External URL 外部 URL

https://sharp.pixelplumbing.com

README.md:5

🔗

Medium External URL 外部 URL

https://sharp.pixelplumbing.com/

README.md:251

🔗

Medium External URL 外部 URL

https://nodejs.org/en/download

scripts/detect-env.js:33

🔗

Medium External URL 外部 URL

https://deb.nodesource.com/setup_lts.x

scripts/detect-env.js:44

🔗

Medium External URL 外部 URL

https://rpm.nodesource.com/setup_lts.x

scripts/detect-env.js:45

File Tree

9 files · 41.2 KB · 1576 lines

Markdown 3f · 944L JavaScript 4f · 618L JSON 2f · 14L

├─ ▾ 📁 references

│ └─ 📝 technical.md Markdown 158L · 3.4 KB

├─ ▾ 📁 scripts

│ ├─ 📜 compress.js JavaScript 389L · 11.7 KB

│ ├─ 📜 detect-env.js JavaScript 109L · 2.6 KB

│ ├─ 📜 install.js JavaScript 45L · 1.0 KB

│ └─ 📜 post-install.js JavaScript 75L · 2.5 KB

├─ 📋 config.example.json JSON 4L · 114 B

├─ 📋 package.json JSON 10L · 208 B

├─ 📝 README.md Markdown 531L · 12.8 KB

└─ 📝 SKILL.md Markdown 255L · 6.9 KB

Dependencies 2 items

Package	Version	Source	Known Vulns	Notes
`sharp`	`^0.33.5`	npm	No	Stable image processing library, widely used
`commander`	`^12.1.0`	npm	No	Standard CLI argument parser

Security Positives

✓ Uses sharp library - a well-known, reputable image processing tool

✓ No credential harvesting or sensitive data access

✓ No data exfiltration or C2 communication

✓ No obfuscation or base64-encoded payloads

✓ No hidden functionality - all operations match documentation

✓ Writes to dedicated output directory, never overwrites originals

✓ Dependencies (commander, sharp) are legitimate and widely used

✓ Safe file handling with auto-naming to prevent collisions

Scan Report

File Tree

Dependencies 2 items

Security Positives