Skill v1.0.2

ClawScan security

Fast Image · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Mar 12, 2026, 8:21 AM)
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code and instructions match its stated purpose (copy or compress a local image and call the openclaw CLI). No unexplained credentials, network endpoints, or install downloads are present, though there are a few implementation issues to be aware of.
Guidance
This skill appears to do what it says: it compresses or copies a local image, then calls your openclaw CLI to send it. Before installing or using it:
1) Ensure you have the openclaw CLI and the sharp Node package installed.
2) Be aware of two implementation issues you may want to fix. First, the script uses the literal path "~/.openclaw/..." instead of expanding ~ to the home directory, so it may create a directory literally named "~" in the working directory instead of using your home. Second, it spawns the openclaw command with shell: true and unescaped arguments; if you or another agent can pass untrusted file paths, a crafted path could permit shell injection.
3) Confirm you are comfortable with the script deleting the temporary file after sending (it skips deletion for channel 'qqbot').
If you want to harden it, build TMP_DIR from os.homedir() rather than a literal "~", and invoke the CLI with spawn or execFile without the shell option (so arguments are passed directly to the process and never interpreted by a shell), or otherwise ensure every argument is safely escaped.

Review Dimensions

Purpose & Capability
ok: Name/description, SKILL.md, and the bundled send_image.mjs are consistent: the script copies or compresses a local image and invokes the openclaw CLI to send it. Declared dependencies (Node, sharp, openclaw CLI) match the implemented behavior.
Instruction Scope
note: The runtime instructions operate only on the provided image path, a temporary media directory, and the openclaw CLI. Two implementation notes: TMP_DIR is set to the literal string "~/.openclaw/media/browser/" and the script does not expand '~' to the user's home directory, which is likely a bug (the declared and actual behavior differ); and spawn(...) is invoked with shell: true and unescaped arguments, which could allow shell injection if an untrusted actor supplies a crafted image path. The script otherwise does not read unrelated files or environment variables.
Install Mechanism
ok: This is instruction-only with one bundled JS file and no install spec; nothing is downloaded or written by an installer. The script requires the sharp package and the external openclaw CLI but does not automatically fetch them.
Credentials
ok: No environment variables, credentials, or config paths are requested. The resources accessed (the local image and a local openclaw media directory) are proportional to the stated task.
Persistence & Privilege
ok: The skill does not request persistent or always-on privileges, does not modify other skills, and does not alter system-wide configuration. It only runs the included script when invoked.