Skill v1.0.0

ClawScan security

Pollinations Image Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 21, 2026, 12:32 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill generally does what it says (generate images via Pollinations) but its runtime scripts read .env files outside the skill directory, use eval when loading env keys, and rely on undeclared CLI tools—these behaviors are disproportionate and worth caution before installing.
Guidance
This skill appears to implement a Pollinations image generator and is readable, but exercise caution before installing:
1) The scripts load .env files from the skill parent directory and the current working directory. Move or audit any .env files that contain secrets so unrelated credentials aren't picked up.
2) The env loader uses eval to probe variables; untrusted .env contents could be risky. Inspect .env files before running.
3) The scripts assume common CLI tools (curl, file, stat/realpath, sed, grep; python3 optional) but the metadata didn't declare these. Ensure your environment provides them.
4) If you want to limit exposure, run the skill in an isolated directory or container, and don't keep sensitive keys in parent or current-directory .env files.
Reviewing the provided generate.sh and lib/models.sh (they are included) is a good first step. If you need lower risk, ask the maintainer to remove loading of ../.env and $PWD/.env, or to explicitly document required binaries and environment behavior.

Review Dimensions

Purpose & Capability
note: Name/description match the included scripts: the code implements an image generator targeting Pollinations.ai. However, the metadata declared no required binaries while the scripts clearly depend on common CLI tools (curl, file, stat/realpath, date, grep, sed, possibly python3). That mismatch is not dangerous on its own but is a coordination inconsistency the user should be aware of.
Instruction Scope
concern: SKILL.md instructs local use and an optional .env in the skill dir, but generate.sh reads environment files from SCRIPT_DIR/../.env and from $PWD/.env (broader than the documentation). The loader exports every key/value it finds and uses eval to check whether a variable is already set. Loading and eval-ing arbitrary .env content can pick up unrelated secrets from parent/current directories and creates a risk of accidental variable exposure or injection if those files are untrusted.
Install Mechanism
ok: No install spec is present (instruction-only + shell scripts). No remote downloads or archive extraction occur. This is low risk compared to skills that fetch and run arbitrary code.
Credentials
concern: Declared requirements list no credentials, which matches the API key being optional. But the script will load and export any key=value pairs found in ../.env and $PWD/.env, potentially pulling unrelated secrets into the process. It will also send POLLINATIONS_API_KEY as a Bearer header if present. Requesting no env variables is reasonable for an optional key, but the implicit reading of other .env files is disproportionate to the stated purpose.
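The Guidance, Instruction Scope and Credentials findings above all come back to the same loader pattern: read .env from more than one directory, export every pair found, and use eval to probe names. The following is an added example written for this review, not the skill's own generate.sh or lib/models.sh, showing what a loader that avoids all three looks like. It assumes (hypothetically) that the skill's only configurable keys are POLLINATIONS_API_KEY, which the page mentions, and POLLINATIONS_MODEL, invented here for illustration; the sample .env it writes to a temp directory is constructed for the demo and stands in for the skill's own directory.

```shell
#!/bin/sh
# Added example, not the skill's generate.sh: a hardened .env loader that
# avoids the three loader issues the review raises. Assumptions (hypothetical):
# the skill's only configurable keys are POLLINATIONS_API_KEY (from the page)
# and POLLINATIONS_MODEL (invented for illustration).

# Keys that may be imported from .env. Anything else in the file is ignored,
# so an unrelated secret in a stray .env never lands in this process.
ENV_ALLOWLIST="POLLINATIONS_API_KEY POLLINATIONS_MODEL"

# env_key_allowed NAME: succeed only if NAME is a well-formed shell variable
# name on the allowlist. Rejecting metacharacters here is what makes it safe
# to pass NAME to export later.
env_key_allowed() {
    case "$1" in
        ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    for env_k in $ENV_ALLOWLIST; do
        [ "$env_k" = "$1" ] && return 0
    done
    return 1
}

# env_is_set NAME: succeed if NAME is already exported. env(1) plus grep
# replaces the eval probe, so NAME is never handed to the shell parser.
env_is_set() {
    env | grep -q "^$1="
}

# load_env FILE: export allowlisted KEY=VALUE pairs from FILE without
# overriding variables that are already set. Prints each exported name;
# skipped lines are reported on stderr. Values are never eval'd.
load_env() {
    [ -f "$1" ] || return 0
    while IFS= read -r env_line || [ -n "$env_line" ]; do
        case "$env_line" in
            ''|'#'*) continue ;;           # blank or comment
            *=*) ;;
            *) printf 'load_env: skipping malformed line: %s\n' "$env_line" >&2
               continue ;;
        esac
        env_key=${env_line%%=*}
        env_val=${env_line#*=}
        if ! env_key_allowed "$env_key"; then
            printf 'load_env: ignoring unexpected key: %s\n' "$env_key" >&2
            continue
        fi
        # Strip one layer of matching quotes around the value.
        case "$env_val" in
            \"*\") env_val=${env_val#\"}; env_val=${env_val%\"} ;;
            \'*\') env_val=${env_val#\'}; env_val=${env_val%\'} ;;
        esac
        env_is_set "$env_key" && continue
        export "$env_key=$env_val"
        printf '%s\n' "$env_key"
    done < "$1"
}

# write_sample_env FILE: constructed sample input for the demo. It mixes a
# legitimate key with the things the review warns about: an unrelated secret,
# a key crafted to break out of an eval-based probe, and a malformed line.
write_sample_env() {
    cat > "$1" <<'EOF'
# comment line
POLLINATIONS_API_KEY=sk-example-not-real
POLLINATIONS_MODEL="flux"
UNRELATED_DB_PASSWORD=must-not-be-exported
x}; echo INJECTED; #=would-run-under-eval
this line has no equals sign
EOF
}

# run_demo: load only the skill's own .env (a temp dir stands in for
# SCRIPT_DIR here). Deliberately no ../.env and no $PWD/.env lookup.
run_demo() {
    demo_dir=$(mktemp -d)
    write_sample_env "$demo_dir/.env"
    load_env "$demo_dir/.env"
    rm -rf "$demo_dir"
}

run_demo
```

The design choices map onto the findings one to one: a single path under the skill's own directory instead of ../.env and $PWD/.env, an allowlist instead of exporting every pair found, and env(1) plus a name check instead of an eval probe, so neither a key nor a value from the file is ever parsed as shell. Running it prints POLLINATIONS_API_KEY and POLLINATIONS_MODEL on stdout and reports the unrelated secret, the injection-shaped key and the malformed line on stderr without exporting any of them.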
Persistence & Privilege
note: The skill creates and writes its own files (.user.conf, .first-run-complete) and writes generated images to $HOME/.openclaw/workspace/outputs/pollinations-image. This is normal for a CLI tool and not over-privileged, but the hard-coded OUTPUT_DIR under $HOME/.openclaw is a persistent path you may want to review or change.