Scan Report
0 /100
gumroad-product-images
Generate professional product cover images (600x600) and preview/showcase images (1280x720) for Gumroad digital products
This is a legitimate skill for generating Gumroad product images using HTML templates, local HTTP serving, and Edge headless screenshots. No malicious behavior detected.
Safe to install
Skill is safe to use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md:37-38 writes HTML templates |
| Network | READ | READ | ✓ Aligned | SKILL.md:45 serves local HTTP server |
| Browser | READ | READ | ✓ Aligned | SKILL.md:50-55 uses Edge headless for screenshots |
| Shell | NONE | NONE | — | PowerShell commands are documented for human execution, not automated script exe… |
| Environment | NONE | NONE | — | No environment variable access |
| Skill Invoke | NONE | NONE | — | No inter-skill calls |
| Clipboard | NONE | NONE | — | No clipboard access |
| Database | NONE | NONE | — | No database access |
1 findings
Medium External URL 外部 URL
http://127.0.0.1:8765/$name/$($t.file SKILL.md:70 File Tree
4 files · 8.8 KB · 214 lines Markdown 1f · 92L
JSON 1f · 62L
HTML 2f · 60L
├─
▾
assets
│ ├─
cover-template.html
HTML
│ ├─
preview-template.html
HTML
│ └─
themes.json
JSON
└─
SKILL.md
Markdown
Security Positives
✓ All functionality is clearly documented in SKILL.md with no hidden behavior
✓ No credential harvesting, exfiltration, or suspicious network activity
✓ No obfuscation, base64 payloads, or anti-analysis techniques
✓ PowerShell commands are documented instructions for humans, not automated script execution
✓ Dependencies (npx http-server, Edge headless) are standard legitimate tools
✓ No sensitive file paths accessed (~/.ssh, .env, etc.)
✓ Local network activity is confined to 127.0.0.1 only