Skill v1.0.0

ClawScan security

feishu-emoji · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (scanned Mar 16, 2026, 2:16 PM)
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements, instructions, and bundled code are consistent with its stated purpose (downloading emoji images and sending them via the OpenClaw 'message' tool); no unrelated credentials, odd installs, or hidden exfiltration endpoints were found.
Guidance
This skill appears to do exactly what it says: search for emoji images on fabiaoqing.com (or use built-in CDN mappings), download them into the OpenClaw media directory, and call the platform 'message' tool to send inline images. Before installing, ensure: (1) the runtime has Python and the required packages (requests, beautifulsoup4) or adjust the SKILL.md to install them; (2) you are comfortable with the skill writing files to /home/admin/.openclaw/media/inbound (or set OPENCLAW_MEDIA_DIR to a different directory); (3) allowing outbound HTTP(S) requests is acceptable — the skill will fetch external image URLs and could, in edge cases, reach internal endpoints if the scraped page contains such links (consider URL validation/whitelisting); (4) you’re aware of copyright and usage restrictions for downloaded images. If you need tighter security, run the skill in a sandboxed environment, add URL validation and size limits to the downloader, and ensure the 'message' tool is the official OpenClaw integration rather than an unexpected binary.

Review Dimensions

Purpose & Capability
ok: Name/description (send inline emoji to Feishu) matches what the files and SKILL.md do: discover image URLs, download them to the OpenClaw media directory, and invoke the 'message' tool to send media. The use of fabiaoqing.com and typical image CDNs is coherent with the stated source.
Instruction Scope
note: Runtime instructions and the Python script focus on searching fabiaoqing.com, downloading image URLs with a Referer header, saving into /home/admin/.openclaw/media/inbound, then calling the message tool. This stays within the stated scope. Minor risk: the skill downloads arbitrary image URLs discovered on web pages — this can cause the agent environment to make outbound requests to third-party or internal hosts (SSRF/internal network access) if the scraped data contains unexpected URLs; this is an expected tradeoff for a downloader but worth noting.
Install Mechanism
ok: No install specification (instruction-only) — the skill includes a small Python script and example curl commands but does not download or execute external installers. This is low-risk from an install perspective.
Credentials
note: The skill requests no secrets or privileged env vars. It writes into a media directory (/home/admin/.openclaw/media/inbound), which is consistent with its purpose. One minor inconsistency: SKILL.md claims 'dependencies: none (only need curl and message tool)', but the included script requires Python packages (requests, beautifulsoup4) listed in package.json — the environment must have those packages available for the script to work.
Persistence & Privilege
ok: The skill does not request always:true and does not modify other skills or system-wide configs. It only writes files to its media directory, as expected for its function.