image-compress 安全扫描报告 — 可信 | ClawSafe

5 /100

image-compress

Cross-platform image compression tool based on sharp, supporting format conversion and batch processing

A legitimate image compression skill using sharp with no malicious behavior detected. All scripts perform documented image processing tasks.

技能名称image-compress

分析耗时35.3s

引擎pi

✓

可以安装

This skill is safe to use. No security concerns identified.

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`READ`	✓ 一致	compress.js reads user-specified image files
文件系统	`WRITE`	`WRITE`	✓ 一致	compress.js writes compressed images to ~/Downloads/compressed-images/
命令执行	`NONE`	`READ`	✓ 一致	detect-env.js and install.js use execSync for version checks and npm install - l…
网络访问	`NONE`	`NONE`	—	No network requests made by the skill

10 项发现

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/License-MIT-yellow.svg

README.md:3

🔗

中危外部 URL 外部 URL

https://opensource.org/licenses/MIT

README.md:3

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/OpenClaw-Skill-blue

README.md:4

🔗

中危外部 URL 外部 URL

https://openclaw.ai

README.md:4

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/Powered%20by-sharp-brightgreen

README.md:5

🔗

中危外部 URL 外部 URL

https://sharp.pixelplumbing.com

README.md:5

🔗

中危外部 URL 外部 URL

https://sharp.pixelplumbing.com/

README.md:251

🔗

中危外部 URL 外部 URL

https://nodejs.org/en/download

scripts/detect-env.js:33

🔗

中危外部 URL 外部 URL

https://deb.nodesource.com/setup_lts.x

scripts/detect-env.js:44

🔗

中危外部 URL 外部 URL

https://rpm.nodesource.com/setup_lts.x

scripts/detect-env.js:45

目录结构

9 文件 · 41.2 KB · 1576 行

Markdown 3f · 944L JavaScript 4f · 618L JSON 2f · 14L

├─ ▾ 📁 references

│ └─ 📝 technical.md Markdown 158L · 3.4 KB

├─ ▾ 📁 scripts

│ ├─ 📜 compress.js JavaScript 389L · 11.7 KB

│ ├─ 📜 detect-env.js JavaScript 109L · 2.6 KB

│ ├─ 📜 install.js JavaScript 45L · 1.0 KB

│ └─ 📜 post-install.js JavaScript 75L · 2.5 KB

├─ 📋 config.example.json JSON 4L · 114 B

├─ 📋 package.json JSON 10L · 208 B

├─ 📝 README.md Markdown 531L · 12.8 KB

└─ 📝 SKILL.md Markdown 255L · 6.9 KB

依赖分析 2 项

包名	版本	来源	已知漏洞	备注
`sharp`	`^0.33.5`	npm	否	Stable image processing library, widely used
`commander`	`^12.1.0`	npm	否	Standard CLI argument parser

安全亮点

✓ Uses sharp library - a well-known, reputable image processing tool

✓ No credential harvesting or sensitive data access

✓ No data exfiltration or C2 communication

✓ No obfuscation or base64-encoded payloads

✓ No hidden functionality - all operations match documentation

✓ Writes to dedicated output directory, never overwrites originals

✓ Dependencies (commander, sharp) are legitimate and widely used

✓ Safe file handling with auto-naming to prevent collisions