Skill v1.1.0
ClawScan security
AIGC Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 16, 2026, 1:13 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill is mostly coherent for an image-generation helper, but there are multiple inconsistencies and risky details (metadata mismatch, a hard-coded absolute path, and an unknown external API host) that warrant caution before installation.
- Guidance
- This skill appears to implement an image-generation workflow, but review these before installing:
  - Metadata mismatch: The registry summary claims no required environment variables, but SKILL.md and _meta.json require AIGC_API_KEY and related settings. Don't provide secrets until this is clarified.
  - Unknown provider domain: The default API host is https://tczlld.com/aistudio/api (and SKILL.md points users there to obtain keys). Verify the provider's legitimacy and privacy/security practices before using your API key.
  - Hard-coded path in instructions: The SKILL.md example runs the script using a Windows absolute path (C:/Users/79112/...). Ask the publisher to supply a portable, relative invocation (e.g., python3 ./scripts/generate.py); the hard-coded path may fail or expose assumptions about the maintainer's environment.
  - Dependency handling: The script requires the 'requests' Python package but there is no install step. Ensure the runtime environment has requests installed or provide an approved install step.
  - Data flow: The script will send your AIGC_API_KEY to the provider and will download result image URLs and then may re-upload images to the provider's /ai/file/upload endpoint. If you have concerns about data retention or exfiltration, test in an isolated environment and review the provider's storage policy.
  - Recommended actions: ask the publisher to (1) fix metadata to accurately list required env vars, (2) remove the absolute path and use a relative script path, (3) document provider identity and data handling, and (4) provide an install step or confirm dependencies. If you must test now, do so in a sandboxed account and avoid using high-privilege API keys.
Review Dimensions
- Purpose & Capability
- note: The code and instructions match the stated purpose (submit image-generation tasks to an AIGC service, download results, and send images to Feishu). However, the registry summary at the top says 'Required env vars: none' while SKILL.md and _meta.json require AIGC API credentials and related configuration; this mismatch is unexplained and inconsistent.
- Instruction Scope
- concern: SKILL.md instructs the agent to spawn an isolated session and execute the bundled Python script, parse its stdout for JSON, and call feishu_doc to upload images. That scope is consistent with the purpose, but the example command uses a hard-coded absolute Windows path (C:/Users/79112/.openclaw/...), which is environment-specific and likely to fail or behave unexpectedly. The instructions also direct sending data (images) to Feishu; this is expected for a chat integration, but users should confirm their agent's feishu_doc behavior and permissions.
- Install Mechanism
- note: There is no install spec (instruction-only), which lowers installer risk. The script requires the Python 'requests' module (documented in README/_meta.json), but there is no explicit install step. That is plausible but means the environment must already provide the dependency; missing dependency handling is a practical concern.
- Credentials
- concern: The skill requires an API key for an external AIGC service (AIGC_API_KEY) and optionally other AIGC_* variables (AIGC_BASE_URL, AIGC_CLIENT_ID, AIGC_PROVIDER, AIGC_TIMEOUT) per _meta.json and SKILL.md. Requesting an API key is proportional to the functionality. However, the top-level registry metadata claiming 'none' for required env vars contradicts the embedded metadata and docs; this inconsistency is suspicious. Also, the code communicates with an unfamiliar domain (tczlld.com), which users should verify before providing credentials.
- Persistence & Privilege
- ok: always:false and normal agent invocation; the skill does not request persistent 'always' inclusion or elevated platform privileges. It writes generated images to a workspace path (default under the user's home), which is expected for this use case but worth noting.
