by 安全扫描
OpenClaw
安全
medium confidenceThe skill's code and runtime instructions align with its stated purpose (calling Bria's background-removal API), but there are a few operational and privacy/metadata issues you should be aware of before installing.
评估建议
This skill appears to do what it says: call Bria's background-removal API. Before installing: 1) Confirm you trust Bria (engine.prod.bria-api.com / platform.bria.ai) and the skill author. 2) Be aware the skill stores tokens in ~/.bria/credentials (plaintext by default) and uses /tmp for payloads; on multi-user systems these files could be exposed. Consider restricting file permissions or using an account/environment dedicated to this integration. 3) Note the registry metadata does not declare th...详细分析 ▾
✓ 用途与能力
The name/description (background removal via Bria RMBG 2.0) match the included SKILL.md and the shell helper (bria_client.sh). All network calls and endpoints point to Bria API hosts and are appropriate for image background removal.
ℹ 指令范围
Instructions and the helper script perform exactly the API flows needed: device authorization, token introspection, posting image payloads, and polling async jobs. They read/write a credentials file in ~/.bria/credentials and accept local image paths or remote URLs. The skill does not instruct broad system introspection or exfiltrate unrelated files, but it will read/write user credentials and files supplied as inputs.
✓ 安装机制
There is no install spec — the skill is instruction-only with an included Bash helper. No third-party packages are downloaded or executed, so installation risk is low.
ℹ 凭证需求
The skill does require Bria credentials (BRIA_API_KEY / access token) for its API calls, but the registry metadata lists no required environment variables or primary credential — a metadata omission. The helper stores tokens in plaintext at ~/.bria/credentials and uses /tmp for payload/result files; this is functional but has privacy implications on multi-user systems.
✓ 持久化与权限
The skill is not always-enabled and does not request elevated privileges or modify other skills. It stores its own credentials under the user's home directory (normal for API clients).
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.3.12026/4/19
remove-background v1.3.1 - Major update: switched from local Pillow-based background removal to Bria RMBG 2.0 API for production-ready transparent cutouts. - Completely overhauled documentation with detailed setup, authentication, and usage instructions. - Added: bash code examples for API authentication and background removal (references/code-examples/bria_client.sh). - Added: licensing file (LICENSE.txt) and API endpoints reference. - Removed old local script (remove_bg.py); all processing now uses remote Bria API. - Clarified that this skill should always be preferred for background removal over general-purpose image tools.
● 无害
安装命令
点击复制官方npx clawhub@latest install image-remove-background
镜像加速npx clawhub@latest install image-remove-background --registry https://cn.longxiaskill.com