by 安全扫描
OpenClaw
安全
medium confidenceThe skill's requirements and runtime instructions are coherent with producing China-standard ID photos; no evidence of data exfiltration or unrelated credential requests, but a few operational notes (pip installs, model downloads, workspace paths) deserve attention before use.
评估建议
This skill appears to do what it claims (local image processing to produce standard China ID photos). Before installing or running: 1) Run the pip installs inside a dedicated virtualenv to avoid modifying system Python packages. 2) Expect the rembg library to possibly download ML model weights the first time it runs — that involves network activity (no evidence the skill uploads user photos). 3) Confirm you are comfortable with images being written to the workspace/output directory (OPENCLAW_WOR...详细分析 ▾
✓ 用途与能力
Name and description (generate Chinese ID photos) match the instructions: image processing with OpenCV, background removal, resizing and cropping to specified sizes. Required binary (python3) and Python libraries (rembg, pillow, opencv-python-headless) are appropriate for this task.
ℹ 指令范围
Instructions operate on a user-provided image path, create an output directory (uses OPENCLAW_WORKSPACE if set), and run an embedded Python script to process images. They do not instruct reading unrelated system files or transmitting results to external endpoints. One caveat: the skill claims 'completely local processing, no upload', but the rembg library often auto-downloads model weights from the network on first use unless a local model is provided — this means network activity may occur even though the script itself does not call remote APIs.
ℹ 安装机制
This is an instruction-only skill with no install spec. It tells the user to run 'pip install rembg pillow opencv-python-headless', which will fetch packages from PyPI (normal for Python tools). There is no download from unknown servers in the skill files, but the pip step and potential rembg model download imply network I/O and installation into the system Python environment unless the user uses a virtualenv.
✓ 凭证需求
No environment variables or credentials are required. The only environment reference is OPENCLAW_WORKSPACE (optional) used to choose the output folder; that is proportionate to the task.
✓ 持久化与权限
The skill is user-invocable and not always-enabled. It does not request persistent system-wide configuration changes or access to other skills' configs.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.2.12026/3/23
修复代码bug:img_ratio变量未定义
● 无害
安装命令
点击复制官方npx clawhub@latest install china-id-photo
镜像加速npx clawhub@latest install china-id-photo --registry https://cn.longxiaskill.com