Skill v0.1.0

ClawScan security

Black Forest Labs FLUX · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Apr 7, 2026, 9:43 PM)
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill appears to implement the advertised FLUX image-generation functionality, but its metadata omits required environment/binary declarations and the bundled script automatically sources /root/.clawdbot/.env — behavior that could unintentionally access other secrets or surprise users.
Guidance
This skill likely does what it claims (submits prompts to api.bfl.ai and downloads images), but there are a few practical concerns to consider before installing or running it:
- The script expects BFL_API_KEY but the skill metadata does not declare this; you should provide a valid BFL_API_KEY environment variable before running. Prefer setting only that key in the agent environment rather than relying on shared env files.
- The script automatically sources /root/.clawdbot/.env if it exists. That file may contain other secrets (tokens, keys). Inspect /root/.clawdbot/.env and remove unrelated secrets, or modify the script to avoid sourcing it if you do not want it read.
- Ensure the runtime has curl and python3 available (the metadata did not list these binaries). If they are missing, the script will fail.
- Note the default output path (/root/clawd/output) and the script creating directories under /root; adjust paths or permissions if that is undesirable.
If you want higher assurance, ask the skill author/maintainer to (1) update the manifest to declare BFL_API_KEY and required binaries, (2) remove or document the automatic sourcing of /root/.clawdbot/.env, or (3) provide an option to explicitly pass the API key rather than implicitly sourcing files.

Review Dimensions

Purpose & Capability (concern)
The skill's stated purpose (direct Black Forest Labs FLUX image generation) matches the script's actions (POST to https://api.bfl.ai and polling). However, the package metadata declares no required environment variables or binaries, while the script requires BFL_API_KEY and uses curl and python3. This mismatch between declared requirements and actual needs is incoherent and could mislead install-time checks or users.

Instruction Scope (concern)
SKILL.md instructs using the bundled script and says BFL_API_KEY must be in the environment or /root/.clawdbot/.env. The script will source /root/.clawdbot/.env if present, which may load unrelated secrets or variables from that file. The script also writes output to /root/clawd/output by default. Reading/sourcing a root-scoped env file is broader scope than strictly required to accept a single API key and is worth scrutinizing.

Install Mechanism (ok)
There is no install spec (instruction-only plus a script). That is low-risk from an installation/download perspective; nothing is fetched or extracted at install time.

Credentials (concern)
The script requires a BFL_API_KEY (and optionally BFL_MODEL/BFL_WIDTH/BFL_HEIGHT) but the skill metadata does not declare any required env vars or a primary credential. The script also sources /root/.clawdbot/.env automatically, which could expose other environment variables or secrets stored there. The requested environment access is not fully documented in the manifest.

Persistence & Privilege (ok)
The skill is not always-enabled and does not request elevated or cross-skill privileges. It does not modify other skills' configs. Its actions are limited to making network requests to the BFL API and writing image files to the output directory.