← 返回 Skills 市场
476
总下载
0
收藏
4
当前安装
1
版本数
在 OpenClaw 中安装
/install rembg
功能描述
使用 rembg AI 模型去除图片背景,生成透明背景的 PNG 图片。首次使用需运行 setup/install.py 初始化环境。
安全使用建议
This skill appears to do what it claims (local background removal) but has several things to consider before installing:
- It will create a virtual environment in your home (~/.venv/rembg), modify your shell startup file to add that venv to PATH, and install packages from PyPI. If you prefer not to have persistent changes, run the install steps manually inside an environment you control.
- The rembg package will download model files (~176MB) from the network (GitHub releases) on first use. Expect network activity and disk usage.
- The scripts embed input file paths inside Python -c code using single-quoted strings. Filenames containing quotes or specially crafted names could break those strings and allow execution of arbitrary Python code. Avoid running these scripts on untrusted inputs, inspect and/or sanitize filenames, or adapt the scripts to pass filenames safely (e.g., via command-line args parsed with argparse or by using subprocess with a safe argument list inside the spawned Python process).
- If you are cautious: review setup/install.py and the requirements.txt, consider creating and activating your own venv and running pip install there, or run the scripts in an isolated container or VM first. If you proceed, inspect any edits to ~/.zshrc / ~/.bashrc and remove them if undesired.
功能分析
Type: OpenClaw Skill
Name: rembg
Version: 0.0.1
The skill bundle contains a critical Remote Code Execution (RCE) vulnerability in 'scripts/remove_bg.py' and 'scripts/batch_remove_bg.py' where unsanitized file paths are interpolated into a Python command string executed via 'subprocess.run'. Additionally, 'setup/install.py' performs intrusive system modifications by automatically modifying shell configuration files (~/.zshrc, ~/.bashrc) and Windows environment variables to persist PATH changes. While these behaviors are aligned with the stated goal of setting up the 'rembg' tool, the lack of input sanitization and the aggressive persistence mechanisms pose a significant security risk.
能力评估
Purpose & Capability
Name/description align with behavior: scripts create a local virtualenv (~/.venv/rembg), install rembg and dependencies, download models (~176MB to ~/.u2net/) and provide CLI and Python wrappers to remove image backgrounds. No unrelated credentials or external services are requested.
Instruction Scope
Runtime instructions and included scripts read/write user shell config (e.g. ~/.zshrc or ~/.bashrc), create a virtualenv under the user's home, and download packages/models from the network. The Python wrapper code embeds user-supplied file paths directly into Python -c code inside single quotes (e.g. Image.open('{input_file}')), which can be broken by filenames containing quotes or crafted input to inject Python code — this is an input-sanitization / command-injection risk.
Install Mechanism
There is no centralized install spec; instead an included setup/install.py creates a venv and runs pip install -r requirements.txt (rembg[cpu,cli]==2.0.72 and socksio). This will pull from PyPI and rembg will download model files (GitHub releases) at runtime. That is expected for this tool but entails executing third-party code and network downloads.
Credentials
The skill requests no credentials or env vars. However it modifies user shell configuration (appending virtualenv bin to PATH or setting Windows user PATH) and writes into user home (~/.venv/rembg, ~/.u2net, and output dirs). These are proportionate to providing a CLI, but they are persistent and affect the user's environment.
Persistence & Privilege
always:false and the skill is not force-enabled, but install writes persistent artifacts (virtualenv, models, and shell config edits) into the user's account. That is expected for local CLI tools but worth noting because it changes user environment and will persist until reversed.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install rembg - 安装完成后,直接呼叫该 Skill 的名称或使用
/rembg触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.0.1
- 首个版本发布,支持使用 rembg AI 模型去除图片背景,生成透明 PNG。/ First version released, supporting background removal from images using the rembg AI model to generate transparent PNGs.
- 提供了环境初始化脚本与依赖自动安装(首次需运行 setup/install.py)。/ Includes an environment initialization script and automatic dependency installation (first-time setup requires running setup/install.py).
- 支持单张图片和批量图片去背景处理脚本。/ Supports background removal for both single images and batch processing via dedicated scripts.
- 所有操作自动创建和使用独立虚拟环境与模型目录。/ All operations automatically create and use an independent virtual environment and model directory.
- 内含详细用法说明和环境检查工具。/ Comes with detailed usage instructions and an environment verification tool.
元数据
常见问题
rembg: remove-image-background 是什么?
使用 rembg AI 模型去除图片背景,生成透明背景的 PNG 图片。首次使用需运行 setup/install.py 初始化环境。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 476 次。
如何安装 rembg: remove-image-background?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install rembg」即可一键安装,无需额外配置。
rembg: remove-image-background 是免费的吗?
是的,rembg: remove-image-background 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
rembg: remove-image-background 支持哪些平台?
rembg: remove-image-background 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 rembg: remove-image-background?
由 ZeroX(@justzerox)开发并维护,当前版本 v0.0.1。
推荐 Skills