Skill v1.0.0

ClawScan security

Comic Brief · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 20, 2026, 1:25 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions ask the agent to run undocumented local scripts and upload generated images to an external database using undeclared secrets and endpoints — the behavior is plausible for the described purpose but contains multiple unexplained and disproportionate requirements.
Guidance
This skill looks like it can do what it claims, but it has several unexplained and potentially risky requirements. Before installing or enabling it:
1) Ask the publisher for the provenance of /usr/lib/node_modules/openclaw/skills/nano-banana-pro/scripts/generate_image.py and what 'uv' is; verify the script is safe and bundled with the skill or comes from a trusted package.
2) Require the skill metadata to explicitly declare required environment variables (e.g., GEMINI_API_KEY, CONVEX_URL) and explain why each is needed and which host CONVEX_URL points to.
3) Insist the skill not auto-run commands without explicit user consent; change instructions so the agent asks the user before executing generation/upload steps.
4) If you must test it, run it in an isolated sandbox or VM and inspect the local script code and the destination server (CONVEX_URL) to ensure it does only what you expect.
5) If the publisher cannot explain the hidden dependencies and endpoints, do not install or grant secrets; treat the skill as untrusted.

Review Dimensions

Purpose & Capability
concern: The description says 'generate vintage comic-book style illustrations', which matches the documented runtime commands, but the SKILL.md requires calling a hard-coded local script at /usr/lib/node_modules/openclaw/skills/nano-banana-pro/scripts/generate_image.py and posting to a CONVEX_URL endpoint. The skill metadata declares no dependencies or env vars, yet the runtime requires GEMINI_API_KEY and CONVEX_URL and expects a preinstalled 'nano-banana-pro' script. These are not justified or declared, so the requested resources do not clearly belong to this skill's stated scope.
Instruction Scope
concern: The SKILL.md instructs the agent to immediately run a bash command (without asking the user) that injects GEMINI_API_KEY into the environment, runs a local script to generate an image, base64-encodes the result, and POSTs it to a remote API. It also references knowledge_search and Postiz scheduling without declaring those tools. The instructions therefore access local filesystem paths and an external endpoint and demand immediate execution, which is broader and more prescriptive than the skill metadata implies.
Install Mechanism
note: There is no install spec (instruction-only), which is low risk in itself. However, the instructions depend on a preinstalled script at a specific system path (/usr/lib/node_modules/.../generate_image.py) and expect 'uv run' to exist; neither the presence nor the provenance of that script is declared. Relying on an undocumented, preinstalled binary/script is a hidden dependency and increases risk.
Credentials
concern: The SKILL.md references sensitive environment values (GEMINI_API_KEY and CONVEX_URL) and uses them to call an external image-generation process and to upload generated images, but the skill's required env vars and primary credential fields are empty. Asking for API keys and an upload endpoint without declaring them or explaining why they are needed is disproportionate and opaque.
Persistence & Privilege
concern: 'always' is false (good), but the instructions require persisting generated images to an external media store (the CONVEX URL) and producing permanent URLs to be shared. Combined with the undocumented secrets and the command to run without asking the user, this grants the skill the ability to exfiltrate generated content and any prompt text to an external service, a nontrivial persistence/privilege risk given the lack of transparency.