Back to skill
Skillv1.0.0
ClawScan security
Aigc.Bak · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
ReviewApr 5, 2026, 6:33 AM
- Verdict
- Review
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill claims to be a local AIGC image generator but embeds and expects hidden credentials/paths and uploads to an external domain not declared in the manifest — the requested and actual behavior is not fully consistent with its description.
- Guidance
- This skill is internally inconsistent: the manifest declares no credentials but the code expects an OSS token and Feishu chat IDs and even includes a token in config.local.json. It also uploads images to an external domain (https://tczlld.com) and runs a local Feishu sender script at a hardcoded user path. Before installing, do not proceed unless you can: 1) confirm the OSS_UPLOAD_URL is trustworthy and owned by you or a trusted provider; 2) remove or rotate the embedded token in config.local.json (treat it as compromised); 3) set AIGC_OSS_TOKEN and chat IDs explicitly in a secure environment rather than relying on repo files; 4) verify the FEISHU_SENDER_SCRIPT path and inspect that script's behavior; and 5) run the skill in a sandboxed environment first. If the developer can provide (a) confirmation that the included token is dummy, (b) an explanation why the manifest doesn't list required env vars, and (c) a trusted OSS endpoint, re-evaluation could raise confidence toward benign.
Review Dimensions
- Purpose & Capability
- concernThe skill declares no required environment variables or credentials, but the code and docs clearly expect an OSS token (AIGC_OSS_TOKEN / config.local.json), FEISHU chat IDs, and a FEISHU sender script under a user-specific path. The skill's purpose (image generation) does not justify embedding or shipping an OSS token in config.local.json or hardcoding an external OSS upload URL (https://tczlld.com). Missing declarations in the manifest are incoherent with the actual needs.
- Instruction Scope
- concernSKILL.md instructs immediate reply then background generation and sending via a Feishu sender, and the code downloads generated images, writes to a user-specific local path (/Users/jackgu/.openclaw/...) and calls another local script. The SKILL.md and manifest do not surface that the agent will read config.local.json, use environment tokens, contact an external OSS endpoint, or invoke external scripts — these are implicit behaviors and broaden the skill's scope beyond what's declared.
- Install Mechanism
- noteThere is no install spec (instruction-only plus included code), so nothing is downloaded at install time. However, the code will make network requests to a non-standard external domain (tczlld.com) for OSS uploads. That endpoint is not a known official host (e.g., GitHub/GCS/AWS) and increases risk if the skill runs.
- Credentials
- concernThe manifest lists no required env vars, but generate.py reads AIGC_OSS_TOKEN and uses OPENCLAW_CHAT_ID/FEISHU_CHAT_ID. Additionally, a valid-looking JWT is shipped in config.local.json. Requesting and embedding these secrets is disproportionate for a manifest that claims none — this can leak or misuse credentials and the skill will transmit image data to an external OSS service.
- Persistence & Privilege
- notealways:false (normal). The skill will write files to user-specific directories and invoke another skill's script at a hardcoded path (FEISHU_SENDER_SCRIPT). While it doesn't request permanent platform-wide privileges, invoking and depending on other skills' scripts and writing into user workspaces increases the trust surface and coupling with other components.