justzerox

rembg: remove-image-background

by ZeroX · GitHub ↗ · v0.0.1 · MIT-0
cross-platform ⚠ suspicious
Downloads: 476 · Stars: 0 · Active Installs: 4 · Versions: 1
Install in OpenClaw
/install rembg
Description
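Uses the rembg AI model to remove image backgrounds and produce PNG images with a transparent background. On first use, run setup/install.py to initialize the environment.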
Usage Guidance
This skill appears to do what it claims (local background removal) but has several things to consider before installing:
- It will create a virtual environment in your home (~/.venv/rembg), modify your shell startup file to add that venv to PATH, and install packages from PyPI. If you prefer not to have persistent changes, run the install steps manually inside an environment you control.
- The rembg package will download model files (~176MB) from the network (GitHub releases) on first use. Expect network activity and disk usage.
- The scripts embed input file paths inside Python -c code using single-quoted strings. Filenames containing quotes or specially crafted names could break those strings and allow execution of arbitrary Python code. Avoid running these scripts on untrusted inputs, inspect and/or sanitize filenames, or adapt the scripts to pass filenames safely (e.g., via command-line args parsed with argparse or by using subprocess with a safe argument list inside the spawned Python process).
- If you are cautious: review setup/install.py and the requirements.txt, consider creating and activating your own venv and running pip install there, or run the scripts in an isolated container or VM first. If you proceed, inspect any edits to ~/.zshrc / ~/.bashrc and remove them if undesired.
Capability Analysis
Type: OpenClaw Skill
Name: rembg
Version: 0.0.1
The skill bundle contains a critical Remote Code Execution (RCE) vulnerability in 'scripts/remove_bg.py' and 'scripts/batch_remove_bg.py' where unsanitized file paths are interpolated into a Python command string executed via 'subprocess.run'. Additionally, 'setup/install.py' performs intrusive system modifications by automatically modifying shell configuration files (~/.zshrc, ~/.bashrc) and Windows environment variables to persist PATH changes. While these behaviors are aligned with the stated goal of setting up the 'rembg' tool, the lack of input sanitization and the aggressive persistence mechanisms pose a significant security risk.
Capability Assessment
Purpose & Capability
Name/description align with behavior: scripts create a local virtualenv (~/.venv/rembg), install rembg and dependencies, download models (~176MB to ~/.u2net/) and provide CLI and Python wrappers to remove image backgrounds. No unrelated credentials or external services are requested.
Instruction Scope
Runtime instructions and included scripts read/write user shell config (e.g. ~/.zshrc or ~/.bashrc), create a virtualenv under the user's home, and download packages/models from the network. The Python wrapper code embeds user-supplied file paths directly into Python -c code inside single quotes (e.g. Image.open('{input_file}')), which can be broken by filenames containing quotes or crafted input to inject Python code — this is an input-sanitization / command-injection risk.
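An added example, not code from the skill: the interpolation pattern that Usage Guidance and Instruction Scope describe, next to the argv-based form the guidance recommends, with a check that the path reaches the child process as data. `sys.stdout.write` stands in for `Image.open`, and every function name and sample filename here is constructed for illustration.

```python
import ast
import subprocess
import sys


def build_cmd_interpolated(input_file):
    """Pattern the assessment flags: the path is formatted into the -c source."""
    code = f"import sys; sys.stdout.write('{input_file}')"
    return [sys.executable, "-c", code]


# Hardened form: the -c source is a constant and the path travels as argv[1].
SAFE_CODE = "import sys; sys.stdout.write(sys.argv[1])"


def build_cmd_argv(input_file):
    return [sys.executable, "-c", SAFE_CODE, input_file]


def path_stays_data(cmd, input_file):
    """True only if the child receives input_file unchanged and purely as data."""
    try:
        tree = ast.parse(cmd[2])
    except SyntaxError:
        return False  # the filename broke out of its quotes
    literals = {n.value for n in ast.walk(tree)
                if isinstance(n, ast.Constant) and isinstance(n.value, str)}
    # Either the exact path is a string literal in the code, or it is an argv item.
    return input_file in literals or input_file in cmd[3:]


def run(cmd):
    """Run the child interpreter and return what it wrote to stdout."""
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


# Constructed sample names: ordinary, apostrophe, Windows-style backslashes.
SAMPLES = ["photo.png", "it's.png", "C:\\new\\test.png"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(repr(name),
              "interpolated ok:", path_stays_data(build_cmd_interpolated(name), name),
              "argv ok:", path_stays_data(build_cmd_argv(name), name))
```

Even without a crafted name, the interpolated form mishandles ordinary input: an apostrophe yields a syntax error, and backslashes in a Windows path are read as escape sequences.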
Install Mechanism
There is no centralized install spec; instead an included setup/install.py creates a venv and runs pip install -r requirements.txt (rembg[cpu,cli]==2.0.72 and socksio). This will pull from PyPI and rembg will download model files (GitHub releases) at runtime. That is expected for this tool but entails executing third-party code and network downloads.
Credentials
The skill requests no credentials or env vars. However it modifies user shell configuration (appending virtualenv bin to PATH or setting Windows user PATH) and writes into user home (~/.venv/rembg, ~/.u2net, and output dirs). These are proportionate to providing a CLI, but they are persistent and affect the user's environment.
Persistence & Privilege
always:false and the skill is not force-enabled, but install writes persistent artifacts (virtualenv, models, and shell config edits) into the user's account. That is expected for local CLI tools but worth noting because it changes user environment and will persist until reversed.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install rembg
  3. After installation, invoke the skill by name or use /rembg
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.0.1
- First version released, supporting background removal from images using the rembg AI model to generate transparent PNGs.
- Includes an environment initialization script and automatic dependency installation (first-time setup requires running setup/install.py).
- Supports background removal for both single images and batch processing via dedicated scripts.
- All operations automatically create and use an independent virtual environment and model directory.
- Comes with detailed usage instructions and an environment verification tool.
Metadata
Slug rembg
Version 0.0.1
License MIT-0
All-time Installs 4
Active Installs 4
Total Versions 1
Frequently Asked Questions

What is rembg: remove-image-background?

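Uses the rembg AI model to remove image backgrounds and produce PNG images with a transparent background. On first use, run setup/install.py to initialize the environment. It is an AI Agent Skill for Claude Code / OpenClaw, with 476 downloads so far.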

How do I install rembg: remove-image-background?

Run "/install rembg" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is rembg: remove-image-background free?

Yes, rembg: remove-image-background is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does rembg: remove-image-background support?

rembg: remove-image-background is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created rembg: remove-image-background?

It is built and maintained by ZeroX (@justzerox); the current version is v0.0.1.
