Scrapbook-Style Illustration Inserter

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill largely matches its illustration purpose, but it runs shell commands and reads broad local API-key config files, including a Claude config path, which could use or expose the wrong credential.

Review before installing. Prefer setting a dedicated GLM_API_KEY or OPENROUTER_API_KEY in the environment, and avoid relying on generic config files. Consider editing the script to remove ~/.claude/config.json and generic api_key lookup. Do not use the shell command pattern with untrusted/generated text unless arguments are safely passed without shell expansion. Avoid sending confidential articles unless you accept the selected provider's data handling.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A local API key meant for another tool or provider could be selected and transmitted as an authorization token, potentially exposing or consuming the wrong credential.

Why it was flagged

The script can read a generic key named api_key from local agent/config files, including ~/.claude/config.json, and treat it as a GLM credential. That is broader than a provider-specific GLM_API_KEY/OPENROUTER_API_KEY contract and could accidentally send an unrelated API key to the GLM endpoint.

Skill content

config_paths = ["config.json", os.path.expanduser("~/.openclaw/config.json"), os.path.expanduser("~/.claude/config.json")]
...
def load_glm_key() -> str:
    key = _load_key_from_env_and_configs("GLM_API_KEY", "api_key")

Recommendation

Use dedicated GLM_API_KEY or OPENROUTER_API_KEY environment variables, remove the ~/.claude/config.json and generic api_key fallback, and update metadata to declare the credential requirements clearly.

What this means

A specially crafted article or generated prompt could cause unsafe local command behavior if passed through a shell exactly as shown.

Why it was flagged

The instructions put article-derived image descriptions into shell commands and encourage background/concurrent execution, but do not specify safe argument passing or escaping. If description text contains shell metacharacters and the agent follows the shell example, it could execute unintended commands.

Skill content

python3 scripts/generate.py "<description_1>" --language <lang> --size 1088x1920 &
...
The agent MUST issue all exec calls in a single tool-use turn so they run in parallel.

Recommendation

Invoke the script with structured argv/no-shell execution or stdin, avoid constructing shell strings from generated text, and require command review before running parallel jobs.

What this means

The runtime may fail unless requests is installed, and installing an unpinned package depends on the user's Python package source and environment.

Why it was flagged

The skill depends on a Python package but provides no install spec or pinned dependency version. This is common for simple scripts, but users should be aware of the unpinned dependency.

Skill content

Python 3 + `requests` library: `pip install requests`

Recommendation

Declare Python/requests in install metadata, pin or constrain dependency versions, and install in a trusted virtual environment.

What this means

Private or unpublished article content may be reflected in prompts sent to external providers.

Why it was flagged

The script sends generated image prompts to GLM or OpenRouter. This is expected for an image-generation skill, but those prompts may be derived from the user's article.

Skill content

url = "https://open.bigmodel.cn/api/paas/v4/images/generations"
...
url = "https://openrouter.ai/api/v1/chat/completions"
...
response = requests.post(url, headers=headers, json=body, timeout=120)

Recommendation

Use this only with content you are comfortable sending to the selected provider, and review provider data-retention terms for sensitive articles.