Skill v1.0.4

ClawScan security

Openclaw Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Mar 12, 2026, 7:49 AM)
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's declared purpose and requested permissions are coherent, but there are implementation inconsistencies (mismatched config names) that will likely break manual configuration and could cause unexpected behavior; no evidence of clear malicious intent was found.
Guidance
This skill appears to do what it says (generate images, posters, copy, and short videos) and needs network access to your configured AI Product Space server plus permission to read any local image file you choose to upload. Before installing:

- Understand where images will be sent: by default the skill's docs point to https://renshevy.com; confirm the APS_BASE_URL you configure is a trusted endpoint. Uploaded images and prompts are transmitted to that service.
- OAuth: the plugin defines an OAuth flow with very broad scopes ("*") in the manifest. Confirm the authorization screen and scopes when the browser opens; only proceed if you trust the service.
- Configuration mismatch: the documentation and SKILL.md say to set APS_BASE_URL and APS_API_KEY in config.json, but the runtime code looks for context.config.baseUrl and context.config.apiKey (and falls back to process.env.APS_BASE_URL). This is likely a bug — OAuth may work if OpenClaw injects the configured APS_BASE_URL into the plugin, but manual API-key setups may fail unless you set environment variables or the differently named config keys. If you plan offline/manual usage, be prepared to set the environment variable APS_BASE_URL and/or provide values under the names the runtime expects (baseUrl / apiKey), or contact the author/maintainer.
- Test with non-sensitive images first. Because the skill uploads images to a remote service, avoid uploading private or proprietary photos until you verify the provider's privacy policy and that the endpoints are correct.
- Verify source/trust: the package lists a homepage/repository (renshevy.com / github.com/renshevy/ai-product-space). If you require higher assurance, inspect the upstream repository, confirm the maintainer identity, or run the skill in an isolated environment.

Given the implementation/config mismatches and broad OAuth scopes, treat the skill as suspicious until you verify endpoints and test the auth flow.
If you can share logs or how OpenClaw populates context.config after OAuth (or a corrected config mapping), the assessment could be upgraded.

Review Dimensions

Purpose & Capability
ok
Name/description (generate ecommerce assets from a product photo) align with the implemented tools and required permissions (network for API calls, filesystem to read user-supplied image files). The included toolset (create_space, upload_product_image, run_ecommerce_pipeline, generate_single_image, generate_video, get_space_status, list_assets) matches the described functionality.
Instruction Scope
note
SKILL.md/instructions restrict actions to creating spaces, uploading a user-provided image (local path or URL), running pipelines, polling status, and listing assets. It does not instruct reading arbitrary files or other system state. However, instructions and docs reference config keys APS_BASE_URL and APS_API_KEY for manual setup, whereas the runtime code reads context.config.baseUrl and context.config.apiKey (naming mismatch) — this is a scope/behavior inconsistency that may prevent the skill from working as documented.
Install Mechanism
ok
No remote download/install steps are present. The package includes compiled JS files and an OpenClaw extension entry (./dist/index.js). There are no external URLs or archive extracts in an install spec to raise high-risk concerns.
Credentials
concern
The skill requests only network and filesystem permissions, which are appropriate for uploading images and making API calls. But there is a configuration naming inconsistency: documentation/config (APS_BASE_URL / APS_API_KEY) differs from what the code expects (baseUrl / apiKey), and the code also falls back to process.env.APS_BASE_URL. This mismatch could cause the skill to require setting environment vars or different config keys than documented, leading to misconfiguration or failed OAuth/manual auth flows. OAuth scopes in claw.json are listed as ["*"] — broad by default; verify the actual scopes granted by the provider before consenting.
Persistence & Privilege
ok
always is false and the skill does not request persistent system-wide changes or modify other skills. It uses normal OpenClaw OAuth and config; no evidence it escalates privileges or persists beyond its own configuration.