Skillv1.0.0

ClawScan security

Hana Image Gen MacOS · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 26, 2026, 9:03 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and runtime instructions are inconsistent and contain bugs (missing output file handling, an unused TELEGRAM_BOT_TOKEN requirement, and a broken b64_json reference); functionality (calling OpenRouter and downloading URLs) matches the stated purpose, but the mismatches and errors warrant caution before installing.
Guidance: This skill appears to be trying to do what it says (generate images via OpenRouter) but contains several inconsistencies and bugs you should resolve before installing or running it with real secrets: - Do not provide credentials until fixed: OPENROUTER_API_KEY is required by the script; TELEGRAM_BOT_TOKEN is listed but unused — clarify whether the skill actually needs a Telegram token. The package metadata should declare required env vars correctly. - Fix the runtime mismatch: SKILL.md expects ../output.json but scripts/gen.py prints JSON to stdout and writes image files to /tmp. Either change SKILL.md to capture stdout into ../output.json or modify gen.py to write ../output.json. As-is, the workflow will fail. - Fix the code bug: scripts/gen.py references item.get(b64_json) (an undefined name) when constructing a data URL; that will raise an error if that branch runs. Review and correct that logic. - Review external fetch behavior: the script downloads arbitrary URLs returned by OpenRouter and writes them to /tmp. This is expected for an image generator but entails network fetches and writing data to disk — run in a sandbox and limit exposure if you have strict security requirements. - Audit OpenRouter usage: the script posts to https://openrouter.ai; confirm you trust that service and that the API key scope is limited. Consider rate limits and log handling. If you need this skill, ask the publisher to (1) update metadata to declare OPENROUTER_API_KEY, (2) remove or justify TELEGRAM_BOT_TOKEN, (3) correct SKILL.md to match gen.py behavior (or vice-versa), and (4) fix the b64_json bug. Until these issues are addressed, treat the skill as untrusted and run only in an isolated environment.

Review Dimensions

Purpose & Capability: concernThe skill claims to generate images via OpenRouter/Gemini, which legitimately requires an OPENROUTER_API_KEY — the included script uses that. However the registry metadata declares no required env vars while SKILL.md lists OPENROUTER_API_KEY and TELEGRAM_BOT_TOKEN. TELEGRAM_BOT_TOKEN is not used in the code, so its presence in SKILL.md is unexplained.
Instruction Scope: concernSKILL.md instructs the agent to run the script and then to read ../output.json with jq to extract the image path. The provided scripts/gen.py writes JSON to stdout (prints to stdout) and does not create ../output.json, so the instructions and code disagree and will fail as written. The SKILL.md also declares TELEGRAM_BOT_TOKEN required but the runtime steps do not reference or use it. The agent will download arbitrary image URLs returned by OpenRouter — expected for this purpose but worth noting as external network fetching and file writes to /tmp occur.
Install Mechanism: okThere is no install spec; this is instruction-plus-script only. No remote downloads or install-time archive extraction are present in the package, which is the lower-risk pattern for install mechanisms.
Credentials: concernThe code legitimately requires OPENROUTER_API_KEY. TELEGRAM_BOT_TOKEN is listed in SKILL.md but not referenced anywhere in the code, and the registry metadata lists no required env vars — this mismatch is disproportionate and unclear. The script performs network calls and downloads images from URLs returned by OpenRouter; no other secrets are requested.
Persistence & Privilege: okThe skill does not request permanent/always presence and does not modify system or other skills' configs. It runs on demand and writes output files to /tmp only.