Skill v1.0.0
ClawScan security
Cloudflare Image Generation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 22, 2026, 12:26 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and instructions match its stated purpose, but it embeds a Cloudflare account ID and bearer token in SKILL.md and in the script, and it builds a curl command through the shell from untrusted prompt text. Both are disproportionate for a shared image-generation helper and risky.
- Guidance: Do not install or run this skill as-is. It embeds a Cloudflare bearer token and account ID in SKILL.md and the script; credentials should never be hard-coded in shared skills. If you are the owner and intend to use this skill safely: (1) remove the embedded token and require users to supply their own credentials via environment variables or a secure secrets mechanism, failing closed if they are absent; (2) replace the shell-built curl command with a call that cannot be broken out of by prompt text (e.g., python requests, or subprocess.run with an argument list and shell=False), so an untrusted prompt cannot inject shell commands; (3) do not instruct the agent to send images via Telegram unless the skill declares and securely uses Telegram credentials; (4) if the included token might be real, assume it is already compromised and rotate or revoke it immediately. If you need help making these fixes, request a version that uses environment variables for credentials and safe HTTP calls.
Review Dimensions
- Purpose & Capability
- note: The name and description (Cloudflare image generation) match the included script, which calls Cloudflare's AI endpoint; the functionality is coherent. However, instead of asking the user to provide their own Cloudflare credentials, the skill contains a hard-coded Account ID and Token in SKILL.md and in the script, which is unexpected for a shared skill.
- Instruction Scope
- concern: Runtime instructions reference absolute paths under /home/ubuntu/.openclaw and explicitly instruct sending the result via Telegram, even though no Telegram credentials or integration are declared. The script writes API responses to /tmp/cf_response.json and uses hard-coded credentials; these broaden the scope beyond a minimal image-generation helper.
- Install Mechanism
- ok: No install spec (instruction-only plus a small script). Nothing is downloaded or installed by the skill itself.
- Credentials
- concern: No required env vars are declared, yet a bearer token and account ID are embedded in both SKILL.md and the script. Publishing credentials inside the skill is disproportionate and risky: anyone with the skill can use that token. The skill also instructs sending images via Telegram without declaring or requesting Telegram credentials.
- Persistence & Privilege
- ok: The skill does not request always:true, does not modify other skills or system settings, and does not request elevated or persistent platform privileges.
