io.github.eralpozcan/vision-squeezermedia

vision-squeezer

Flagged

Cut vision-LLM token costs by snapping images to tile boundaries — Claude, GPT, Gemini, Llama, Qwen

Our take

The product is real — a Rust image optimizer that snaps images to vision-LLM tile boundaries to cut token costs — but the npm install behavior crosses the line: postinstall silently copies Claude skill files into ~/.claude/skills with no consent gate, mutating an agent-behavior surface in your home directory the moment npm install finishes, and it downloads the platform binary from GitHub releases with no checksum verification. The Claude Code plugin-marketplace path is the consented way to get these skills; the npm path just takes the liberty. Install-time writes to agent config surfaces are a flag regardless of product quality.

reviewed by hand · 2026-07-06

Something wrong or dead here? Report it

Verification record

last verified
today
github stars
2
last commit
15 days ago
archived
no
license
NOASSERTION
downloads / wk
235
latest version
0.6.0
in registry since
2026-06-20

github.com/eralpozcan/vision-squeezer