Skillv1.0.0

ClawScan security

design pick2 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 11, 2026, 11:38 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill mostly matches its stated purpose (building collages) but includes an unexpected network-capable script with hardcoded Cloudflare credentials and other mismatches that warrant caution before installation.
Guidance: Do not run or install this skill until you verify why a Cloudflare account ID and bearer token are embedded in the code. Questions to ask the publisher: who owns that Cloudflare account, is it intended to be public, and will using it incur cost or data exposure? If you control the skill, remove the hardcoded credentials and require the user to supply their own API key via an environment variable (and document that in SKILL.md). Also verify that the expected image files (collages/{theme}/*.png) and the referenced font exist in your environment — the collage script assumes local images rather than fetching them. If you do not trust the embedded token, do not run generate_image.py; instead generate or provide images locally and run generate_collage.py only after inspecting the files and paths.
Findings: [embedded-credential] unexpected: scripts/generate_image.py contains hardcoded ACCOUNT_ID and TOKEN values used as a Bearer token to call Cloudflare's AI endpoint. This is not declared in SKILL.md and is unexpected for a simple collage generator. [outbound-network-call] unexpected: generate_image.py invokes curl to contact https://api.cloudflare.com/... which is not mentioned in SKILL.md usage instructions. The collage generation instructions do not document network image generation or the need for credentials.

Review Dimensions

Purpose & Capability: concernThe skill claims only to generate local collages, but the repository contains a separate image-generation script that calls Cloudflare's AI API using an embedded ACCOUNT_ID and bearer token. The SKILL.md does not mention any cloud API usage or required credentials, so the presence of those credentials is unexplained and disproportionate to the documented purpose.
Instruction Scope: concernSKILL.md instructs running the local generate_collage.py which expects local images at collages/{theme}/<letter>.png and a specific font path. It does not instruct how to produce or fetch those images nor mention the generate_image.py script. The collage script references absolute/host-specific paths (/root/.openclaw workspace in usage example, font path /usr/share/...), granting the agent implicit access assumptions about host filesystem and installed fonts.
Install Mechanism: noteThere is no install spec (instruction-only), which is low-risk in itself, but the included generate_image.py will issue outbound network requests via curl (invoked through subprocess.run shell=True). No external packages are being installed, but the script will execute shell commands and write to /tmp and the workspace when run.
Credentials: concernThe skill declares no required env vars or credentials for the user, yet the code contains hardcoded sensitive-looking values (Cloudflare ACCOUNT_ID and Bearer TOKEN). These embedded secrets are not justified or documented in SKILL.md. Embedding third-party credentials in shipped code is a serious red flag — it may be stale, abused, or expose a third-party account.
Persistence & Privilege: okThe skill does not request permanent presence (always: false) and does not appear to modify other skills or global agent settings. There is no explicit persistent installation mechanism.