ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Chatgpt Image Generation

v1.0.3

Generate images from ChatGPT using Playwright browser automation. Opens ChatGPT, sends prompts, waits for generation, and saves the resulting images.

0· 321·0 current·0 all-time
byAnum Mian@amian
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code and SKILL.md align: both automate a browser with Playwright, send prompts, and save images. However, SKILL.md claims the login session is saved for future runs while the script launches Chromium without a persistent user data directory (so logins will not persist by default). The script also navigates to https://chatgpt.com/ rather than the commonly used chat.openai.com — this could be benign but is worth verifying.
Instruction Scope
Instructions and code stay within the stated purpose: they read a prompts file, open a browser, interact with the ChatGPT web UI, extract or fetch generated images, write numbered PNGs and a results.jsonl log, and prompt the user to press Enter after a manual login. The code does not reference unrelated files or extra environment variables.
Install Mechanism
No install spec in the registry; SKILL.md asks you to run 'npm install playwright' and 'npx playwright install chromium', which is normal for a Playwright-based script. That will download browser binaries to the machine — expected but noteworthy.
Credentials
The skill requests no environment variables or credentials. It performs browser automation and network requests only, which are proportionate to the stated functionality.
Persistence & Privilege
The skill is not always-enabled and does not request elevated privileges. However, the SKILL.md's claim that the session is saved across runs contradicts the code (no userDataDir/persistent profile is used). If you expect persistent login, the script must be changed to launch a persistent context or provide a user data directory.
What to consider before installing
This skill is mostly coherent but exercise caution before running it. Things to consider: - Playwright will download and run a browser on your machine; ensure you trust the environment where you run it. - The script opens a browser and requires you to manually log into your ChatGPT account; contrary to the README, logins will not persist unless you modify the script to use a persistent user data directory (launchPersistentContext or userDataDir). If you want persistent sessions, add that intentionally and inspect the code. - The script navigates to https://chatgpt.com/ — verify that this is the intended target (you may prefer chat.openai.com). Confirm it matches the service you expect. - The script fetches images by URL found in the page; those resources are fetched over the network and written to disk. Only run with prompts and output directories you control. - Review and test the code locally before giving it access to any sensitive account. If you want persistent login, modify the script explicitly (and inspect any added code) rather than relying on the current misleading README statement. - Be aware that automating a web UI may violate the service’s terms of use; check OpenAI/ChatGPT TOS if applicable.

Like a lobster shell, security has layers — review code before you run it.

chatgptvk97fh37gy31y4w5tn60mprz3ah8297mpimagevk97fh37gy31y4w5tn60mprz3ah8297mplatestvk97d5ce568wajvc1xt3qt4erhs8283nhplaywrightvk97fh37gy31y4w5tn60mprz3ah8297mp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments