Image Generation (Ollama x/z-image-turbo · macOS only)
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: ollama-x-z-image-turbo Version: 1.0.0 The skill bundle is designed to generate images using a local Ollama instance and send them via WhatsApp. The `SKILL.md` instructs the agent to execute `runner.py` with user-provided prompts and then use an internal `message` tool to send the generated image. The `runner.py` script executes the `ollama` command via `subprocess.run`, passing the user prompt as a distinct argument, which mitigates shell injection risks. Network calls are limited to the local Ollama instance (`http://127.0.0.1:11434`) and the official WhatsApp API (`https://api.whatsapp.com/send`) for its stated purpose. There is no evidence of credential theft, data exfiltration to unauthorized endpoints, persistence mechanisms, or prompt injection against the agent itself.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An image request could lead to a WhatsApp message being sent from the user's account when the user only expected local generation.
The skill tells the agent to send the generated file over WhatsApp as part of the default workflow for ordinary image-generation requests, without clearly requiring the user to ask for sending, provide the recipient, or confirm the message.
Quand l'utilisateur demande de générer/créer/dessiner une image ... suivre ces étapes ... Étape 2 — Envoyer sur WhatsApp ... action: send ... channel: whatsapp ... to: <numéro>
Only send to WhatsApp after an explicit user request with a confirmed recipient and caption; otherwise generate the image locally and ask before sending.
If Ollama output is misleading or manipulated, the agent could copy and send a local file other than the intended generated image.
The runner trusts a path printed by Ollama stdout/stderr and copies any existing absolute path to the output file, which the SKILL.md workflow later sends over WhatsApp.
saved_path = _maybe_saved_path(res.stdout) or _maybe_saved_path(res.stderr)
...
if saved_path and os.path.exists(saved_path):
shutil.copyfile(saved_path, out)Restrict saved paths to the expected output directory, reject absolute/protected paths, and verify the copied file is a PNG before allowing any WhatsApp send.
Installing and using the skill runs local commands and may log the prompt and Ollama output to the agent console.
The skill runs the local Ollama CLI to generate the image. This is expected for the stated purpose and uses an argument list rather than a shell string, but users should know local code and a local model are executed.
res = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout, cwd=cwd)
Use only a trusted local Ollama installation/model and avoid putting sensitive information in prompts if verbose logs are retained.
The behavior depends on whatever local Ollama service and latest model version are installed, which may vary over time.
The skill relies on an external local service and an unpinned `latest` model tag, while the registry metadata declares no required binaries or environment setup.
Prérequis - Ollama actif sur `http://127.0.0.1:11434` - Modèle installé : `x/z-image-turbo:latest`
Declare Ollama and the model as requirements, prefer a pinned model version or digest when possible, and verify the model source before use.
Messages may be sent through the user's WhatsApp-connected messaging capability.
The skill uses delegated WhatsApp messaging authority. That matches the stated purpose, but it is still an account action performed on the user's behalf.
Utiliser l'outil message : action: send channel: whatsapp to: <numéro>
Confirm the recipient and content before sending, especially when the image was generated from a broad or ambiguous request.