Gemini Painter

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: gemini-painter
Version: 1.0.0

The skill is classified as suspicious due to two main indicators in `scripts/painter.py`: a hardcoded, weak API key ("OpenClaw") used for authentication with a local service, and the direct passing of unsanitized user prompts to this local API. While the skill's stated purpose is benign (image generation), these practices introduce vulnerabilities. The hardcoded key could be exploited if the local service isn't properly secured. The direct prompt passing creates a potential prompt injection vector against the local API service itself, which could lead to unintended behavior or exploitation if the local API is not robustly designed to handle malicious input.