Back to skill
Skillv1.0.0
ClawScan security
AI图片生成 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 6, 2026, 7:21 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill is coherent with its stated purpose (using the SiliconFlow API to generate images) but has a few small inconsistencies and a minor operational risk you should know about before installing.
- Guidance
- This skill appears to do what it claims: call SiliconFlow to generate images and save them locally. Before installing: (1) only provide a SiliconFlow API key you trust and consider its scope/limits on the provider side; (2) add jq to the environment or update the skill metadata to include jq in required binaries — the script and examples expect jq and will fail otherwise; (3) be aware the script will download any URL returned by the API (if the API response were malicious or compromised it could cause the agent to fetch unexpected hosts), so run first in a safe environment or audit API responses; (4) note minor doc mismatches (model ID variants and the OpenClaw config example key name differ from the skill slug) — these are usability issues, not direct security blockers. If you do not fully trust the SiliconFlow endpoint, do not provide your API key or test in an isolated environment first.
Review Dimensions
- Purpose & Capability
- okName/description, required binary (curl), and required credential (SILICONFLOW_API_KEY) match the behavior in SKILL.md and scripts: the skill posts prompts to https://api.siliconflow.cn and downloads returned images. There are no unrelated credentials or surprising endpoints.
- Instruction Scope
- concernSKILL.md and scripts parse JSON responses with jq (examples and scripts call jq), but the declared required binaries list only includes curl — jq is not declared, which will break the script or cause silent failures. The included script downloads whatever URL the API returns without validating its hostname; if the API (or a compromised response) returns an unexpected internal URL, the skill will curl that address (possible SSRF-like risk). The instructions otherwise stay within the stated purpose and do not read unrelated files or env vars.
- Install Mechanism
- okNo install spec (instruction-only plus a small helper script) — nothing is downloaded or installed by the skill itself. This is low-risk from an installation perspective.
- Credentials
- okOnly SILICONFLOW_API_KEY is required and is the primary credential declared. That matches the claimed integration with SiliconFlow. No unrelated secrets or system config paths are requested.
- Persistence & Privilege
- okThe skill does not request always:true and does not modify other skills or system-wide settings. It will run only when invoked and uses the API key provided; autonomous invocation is allowed but is the platform default.