main-image-editor 安全扫描报告 — 可信 | ClawSafe

5 /100

main-image-editor

Orchestrate screenshot + Chinese instruction into PSD batch edits with transaction rollback

This is a legitimate PSD batch editing skill with OCR capabilities. All shell execution is documented, necessary, and limited to image processing tools (tesseract, swift, node). No credential theft, data exfiltration, or hidden functionality detected.

技能名称main-image-editor

分析耗时31.2s

引擎pi

✓

可以安装

This skill is safe to use. No security action required.

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`READ`	✓ 一致	SKILL.md declares screenshot/PSD path access; code reads request JSON, PSD files…
命令执行	`WRITE`	`WRITE`	✓ 一致	SKILL.md documents node/tesseract execution; run-main-image-editor.js:89, intent…
网络访问	`NONE`	`NONE`	—	No network requests observed
环境变量	`NONE`	`NONE`	—	os.homedir() used only for path expansion, no env var access
技能调用	`READ`	`READ`	✓ 一致	Uses psd-automator for PSD processing, documented in SKILL.md
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser access
数据库	`NONE`	`NONE`	—	No database access

目录结构

9 文件 · 39.0 KB · 1268 行

JavaScript 3f · 1046L JSON 4f · 89L TypeScript 1f · 68L Markdown 1f · 65L

├─ ▾ 📁 examples

│ ├─ 📋 request.low-confidence.json JSON 22L · 429 B

│ ├─ 📋 request.multi.json JSON 31L · 586 B

│ ├─ 📋 request.sample.json JSON 12L · 354 B

│ └─ 📋 request.screenshot3.test.json JSON 24L · 532 B

├─ ▾ 📁 lib

│ ├─ 📜 intent-parser.js JavaScript 369L · 11.9 KB

│ └─ 📜 task-orchestrator.js JavaScript 534L · 18.1 KB

├─ ▾ 📁 scripts

│ └─ 📜 run-main-image-editor.js JavaScript 143L · 3.7 KB

├─ 📜 command-tool.ts TypeScript 68L · 1.5 KB

└─ 📝 SKILL.md Markdown 65L · 1.9 KB

依赖分析 3 项

包名	版本	来源	已知漏洞	备注
`tesseract`	`external CLI`	system	否	OCR tool called via spawnSync when available
`swift`	`external CLI`	system	否	macOS Vision OCR fallback when tesseract unavailable
`psd-automator`	`imported module`	local	否	Core PSD processing dependency

安全亮点

✓ SKILL.md accurately documents all functionality including OCR tool usage (tesseract/Vision)

✓ Transaction rollback mechanism protects user data from corruption

✓ Snapshot-isolation mode available to prevent accidental PSD modifications

✓ Temporary files are cleaned up after execution

✓ Dry-run mode allows safe preview before execution

✓ No credential, password, or token access

✓ No external network communication

✓ No obfuscation techniques (base64, eval, etc.)

✓ TypeScript types in command-tool.ts provide clear interface contract