Skillv1.0.0

ClawScan security

doc-illustration-by-gpt-image-2 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 24, 2026, 6:27 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill's functionality (generate doc illustrations via GPT Image 2) is coherent, but the package metadata omits the actual environment credentials the runtime requires and there are a few implementation details you should review before installing.
Guidance: Before installing or running this skill: (1) Be aware you must provide an OPENAI_API_KEY (and optionally OPENAI_BASE_URL) at runtime — the registry metadata incorrectly omits these. (2) Review the script locally: it depends on the OpenAI Python client and will open and transmit any reference images you pass (they will be uploaded to the image provider). (3) The tool saves a JSON sidecar containing the prompt and metadata — avoid including secrets or confidential content in prompts if you don't want them written to disk or transmitted. (4) The script's shebang points at a developer-local path — consider running the script with your own python environment (and inspect/adjust the shebang if needed). (5) Use --dry-run first to inspect the exact prompt and payload without making live API calls, and test in a controlled environment or sandboxed account if you will submit sensitive images or prompts. If you need to proceed broadly: update the registry metadata to list OPENAI_API_KEY/OPENAI_BASE_URL explicitly, and confirm the OpenAI-compatible gateway URL is trustworthy before supplying credentials.

Review Dimensions

Purpose & Capability: noteThe name, description, SKILL.md, and included Python script consistently implement an OpenAI GPT Image 2-based illustration generator. However the registry metadata says 'Required env vars: none' while the runtime explicitly expects OPENAI_API_KEY (and optionally OPENAI_BASE_URL). That mismatch is an inconsistency in the package metadata (not necessarily malicious, but important).
Instruction Scope: okRuntime instructions and the script remain within the advertised purpose: they build prompts, optionally include reference images as style guidance, call the Images generate/edit APIs, and save PNG + JSON sidecar. The SKILL.md does not instruct the agent to read unrelated files or system secrets beyond the OpenAI credentials. It does, however, instruct saving prompts and metadata to disk (see output sidecar).
Install Mechanism: noteThere is no install spec (instruction-only), which minimizes install-time risk. The bundled script documents a dependency on the openai Python package but does not autoinstall it. Minor oddity: the script's shebang references a user-specific path ('/Users/eriklee/.local/bin/uv run'), which is likely a leftover from the developer environment and should be reviewed but is not by itself malicious.
Credentials: concernThe skill requires an OpenAI API key (OPENAI_API_KEY) and optionally OPENAI_BASE_URL at runtime, which are proportionate to image generation. The problem: registry metadata claims no required env vars, creating a blind spot for automated permission reviews. Also note the script will optionally prompt for a temporary key in an interactive session and explicitly writes 'do not write credentials to disk' — but the JSON sidecar stores the generated prompt and metadata (which can include sensitive content), and reference image files are opened and uploaded to the image provider during reference+text mode (so local images will be transmitted).
Persistence & Privilege: okThe skill is not always:on, does not claim elevated platform privileges, and does not alter other skills. It will write generated PNGs and JSON sidecar files to an output directory (normal for this functionality). It does not persist API keys to disk per the docs.