Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
design pick2
v1.0.0Generates multi-themed food collages (Viral Cakes, Street Food, Smoothie Bowls, Coffee Art, Fusion Tacos). Use when user asks for a collage of specific food...
⭐ 0· 261·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill claims only to generate local collages, but the repository contains a separate image-generation script that calls Cloudflare's AI API using an embedded ACCOUNT_ID and bearer token. The SKILL.md does not mention any cloud API usage or required credentials, so the presence of those credentials is unexplained and disproportionate to the documented purpose.
Instruction Scope
SKILL.md instructs running the local generate_collage.py which expects local images at collages/{theme}/<letter>.png and a specific font path. It does not instruct how to produce or fetch those images nor mention the generate_image.py script. The collage script references absolute/host-specific paths (/root/.openclaw workspace in usage example, font path /usr/share/...), granting the agent implicit access assumptions about host filesystem and installed fonts.
Install Mechanism
There is no install spec (instruction-only), which is low-risk in itself, but the included generate_image.py will issue outbound network requests via curl (invoked through subprocess.run shell=True). No external packages are being installed, but the script will execute shell commands and write to /tmp and the workspace when run.
Credentials
The skill declares no required env vars or credentials for the user, yet the code contains hardcoded sensitive-looking values (Cloudflare ACCOUNT_ID and Bearer TOKEN). These embedded secrets are not justified or documented in SKILL.md. Embedding third-party credentials in shipped code is a serious red flag — it may be stale, abused, or expose a third-party account.
Persistence & Privilege
The skill does not request permanent presence (always: false) and does not appear to modify other skills or global agent settings. There is no explicit persistent installation mechanism.
Scan Findings in Context
[embedded-credential] unexpected: scripts/generate_image.py contains hardcoded ACCOUNT_ID and TOKEN values used as a Bearer token to call Cloudflare's AI endpoint. This is not declared in SKILL.md and is unexpected for a simple collage generator.
[outbound-network-call] unexpected: generate_image.py invokes curl to contact https://api.cloudflare.com/... which is not mentioned in SKILL.md usage instructions. The collage generation instructions do not document network image generation or the need for credentials.
What to consider before installing
Do not run or install this skill until you verify why a Cloudflare account ID and bearer token are embedded in the code. Questions to ask the publisher: who owns that Cloudflare account, is it intended to be public, and will using it incur cost or data exposure? If you control the skill, remove the hardcoded credentials and require the user to supply their own API key via an environment variable (and document that in SKILL.md). Also verify that the expected image files (collages/{theme}/*.png) and the referenced font exist in your environment — the collage script assumes local images rather than fetching them. If you do not trust the embedded token, do not run generate_image.py; instead generate or provide images locally and run generate_collage.py only after inspecting the files and paths.Like a lobster shell, security has layers — review code before you run it.
latestvk97acq0xh5xmxjjd8rvg1k4tzh82qjpw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.