Skill
ReviewAudited by ClawScan on May 1, 2026.
Overview
The skill appears purpose-aligned for generating ClawGirl persona selfies, but it uses a ClawGirl API key, sends prompts to the ClawGirl service, and reads/writes local OpenClaw files for normal operation.
Before installing, make sure you trust clawgirl.date with your prompts and ClawGirl API key. Expect the skill to consume ClawGirl generation quota, save generated images to your OpenClaw media directory, and use the NingYao girlfriend persona when matching trigger phrases are used.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When the skill is triggered, normal chat may be replaced by the ClawGirl persona/API response.
The skill tells the agent to prioritize the skill for trigger phrases and directly relay service-provided text. This is central to the persona workflow, but it means the service response can shape the assistant's reply for those requests.
If `TEXT_RESPONSE_BASE64` is returned, decode base64 to UTF-8 and reply with that text directly ... Execute skill first when triggered, don't replace with regular chat
Use it for the intended selfie/persona interactions and treat returned text as content from the service, not as instructions for unrelated tasks.
The skill can use your ClawGirl account/API quota and reads local OpenClaw configuration if the environment variable is not set.
The script uses a service API key and can fall back to local OpenClaw config and backup files to retrieve that key, then sends it as a Bearer token to the ClawGirl API.
let apiKey = process.env.CLAWGIRL_API_KEY; ... path.join(os.homedir(), '.openclaw', 'openclaw.json.bak.1') ... 'Authorization': `Bearer ${apiKey}`Install only if you trust this skill and service with the ClawGirl API key; prefer setting `CLAWGIRL_API_KEY` explicitly and review local config backup access if that is a concern.
Anything typed in the prompt for this skill may be transmitted to clawgirl.date.
The script sends the user's prompt text to an external provider endpoint to generate the image or text response.
const SAAS_API_URL = 'https://clawgirl.date/api/v1/chat'; const requestData = JSON.stringify({ message: prompt || '来张自拍', history: [] });Avoid including private or sensitive information in selfie/outfit prompts unless you are comfortable sharing it with the ClawGirl service.