Security Scan
OpenClaw
Suspicious
High confidence: The skill generally matches its stated PSD-editing purpose but contains several implementation inconsistencies and privacy risks (missing wrapper scripts and dependency declarations, filesystem indexing, and a requirement to post absolute local paths to DingTalk).
Assessment and recommendations
This skill appears to implement PSD automation, but I found multiple red flags you should address before installing or running it:
1) Missing dependency and wrapper files: The code imports 'sharp' and 'jszip' but the package metadata doesn't declare or install them; 'sharp' requires native build/runtime dependencies. Also run-task.js expects platform-specific wrapper scripts (e.g., psd-modify-mac.applescript, psd-modify-win.ps1, psd-export-png-win.ps1) but the package only includes .jsx ExtendS...
ℹ Purpose and capabilities
The files (index builder, PSD modify/export ExtendScript, visual-matching, run-task orchestration) are consistent with a PSD automation tool. However the package metadata/manifest does not declare required Node native/third-party modules (sharp, JSZip) nor does the registry note system prerequisites (node, osascript, powershell). That omission is disproportionate to the described purpose and will cause failures or unexpected installation steps.
⚠ Instruction scope
Runtime instructions and scripts read and write local files broadly (Desktop/Documents, arbitrary roots passed to build-index), create backups under ~/.openclaw, copy files into temporary bridge directories, and can export PNGs. Critically, the SKILL.md mandates emitting a DingTalk marker that contains an absolute file path when replying — this explicitly requires the agent to disclose local absolute paths to an external chat, which may leak sensitive filenames and directory structure. The build-index script scans given roots recursively and writes a JSON index (~/.openclaw/psd-index.json) containing file paths and optional sidecar metadata (textContents, layers) — intended but privacy-sensitive.
⚠ Installation mechanism
There is no install spec but the code imports non-built-in modules (sharp, JSZip). package-lock.json contains no packages. That means the skill as published is missing dependency declarations and will fail unless the operator manually installs dependencies (sharp is a native module with a nontrivial build/installation footprint). Also, run-task invokes system binaries (osascript, powershell.exe) and expects auxiliary wrapper scripts (see below) that are not present in the manifest, indicating an incomplete deployment package.
ℹ Credential requirements
The skill requests no environment variables or external credentials (good). It does access user-owned filesystem locations (home, Desktop, Documents, tmp) and creates ~/.openclaw audit/index files; this is proportionate to its function but sensitive because it indexes file paths and may read sidecar metadata (textContents). No cloud or unrelated credentials are requested.
✓ Persistence and permissions
always is false and the skill does not request system-wide privileges beyond reading/writing user files under home and temp. It writes its own audit log and index under ~/.openclaw which is expected. There is no evidence it attempts to modify other skills or global agent settings.
⚠ scripts/run-task.js:153
Shell command execution detected (child_process).
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.2 2026/3/6
maintenance update
● Suspicious
Install command
Official: npx clawhub@latest install psd-automator
Mirror (accelerated): npx clawhub@latest install psd-automator --registry https://cn.longxiaskill.com