main-image-editor Security Report — Trusted | ClawSafe

5 /100

main-image-editor

Orchestrate screenshot + Chinese instruction into PSD batch edits with transaction rollback

This is a legitimate PSD batch editing skill with OCR capabilities. All shell execution is documented, necessary, and limited to image processing tools (tesseract, swift, node). No credential theft, data exfiltration, or hidden functionality detected.

Skill Namemain-image-editor

Duration31.2s

Enginepi

✓

Safe to install

This skill is safe to use. No security action required.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`READ`	✓ Aligned	SKILL.md declares screenshot/PSD path access; code reads request JSON, PSD files…
Shell	`WRITE`	`WRITE`	✓ Aligned	SKILL.md documents node/tesseract execution; run-main-image-editor.js:89, intent…
Network	`NONE`	`NONE`	—	No network requests observed
Environment	`NONE`	`NONE`	—	os.homedir() used only for path expansion, no env var access
Skill Invoke	`READ`	`READ`	✓ Aligned	Uses psd-automator for PSD processing, documented in SKILL.md
Clipboard	`NONE`	`NONE`	—	No clipboard access
Browser	`NONE`	`NONE`	—	No browser access
Database	`NONE`	`NONE`	—	No database access

File Tree

9 files · 39.0 KB · 1268 lines

JavaScript 3f · 1046L JSON 4f · 89L TypeScript 1f · 68L Markdown 1f · 65L

├─ ▾ 📁 examples

│ ├─ 📋 request.low-confidence.json JSON 22L · 429 B

│ ├─ 📋 request.multi.json JSON 31L · 586 B

│ ├─ 📋 request.sample.json JSON 12L · 354 B

│ └─ 📋 request.screenshot3.test.json JSON 24L · 532 B

├─ ▾ 📁 lib

│ ├─ 📜 intent-parser.js JavaScript 369L · 11.9 KB

│ └─ 📜 task-orchestrator.js JavaScript 534L · 18.1 KB

├─ ▾ 📁 scripts

│ └─ 📜 run-main-image-editor.js JavaScript 143L · 3.7 KB

├─ 📜 command-tool.ts TypeScript 68L · 1.5 KB

└─ 📝 SKILL.md Markdown 65L · 1.9 KB

Dependencies 3 items

Package	Version	Source	Known Vulns	Notes
`tesseract`	`external CLI`	system	No	OCR tool called via spawnSync when available
`swift`	`external CLI`	system	No	macOS Vision OCR fallback when tesseract unavailable
`psd-automator`	`imported module`	local	No	Core PSD processing dependency

Security Positives

✓ SKILL.md accurately documents all functionality including OCR tool usage (tesseract/Vision)

✓ Transaction rollback mechanism protects user data from corruption

✓ Snapshot-isolation mode available to prevent accidental PSD modifications

✓ Temporary files are cleaned up after execution

✓ Dry-run mode allows safe preview before execution

✓ No credential, password, or token access

✓ No external network communication

✓ No obfuscation techniques (base64, eval, etc.)

✓ TypeScript types in command-tool.ts provide clear interface contract

Scan Report

File Tree

Dependencies 3 items

Security Positives