ClawHub

qqbot-image-helper

v1.0.1

图片处理助手:将受限目录的图片复制到允许的目录,然后使用 image 工具进行分析。适用但不限于 QQBot 下载的本地图片。

0· 248·1 current·1 all-time
by@hahh9527
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description align with required binaries and runtime tools: the skill only needs 'cp' (declared) and the 'image' tool (declared in SKILL.md metadata). There are no unrelated env vars, config paths, or installers requested.
Instruction Scope
Instructions are narrowly scoped to listing and copying files from ~/.openclaw/qqbot/downloads/ to ~/.openclaw/media/ and then invoking the image tool. However the guidance allows copying arbitrary source paths and does not enforce file-type checks, filename sanitization, overwrite protection, or symlink handling — which could lead to accidental copying of non-image or sensitive files if inputs are not validated.
Install Mechanism
Instruction-only skill with no install spec and no downloads; nothing is written to disk by an installer. Low install risk.
Credentials
No environment variables, credentials, or unrelated config paths are requested. The scope of required access (local filesystem paths) matches the stated purpose.
Persistence & Privilege
Does not request always:true or other elevated persistence. It is user-invocable and allows normal autonomous invocation (platform default). No modifications to other skills or system-wide settings are requested.
Assessment
This skill appears to do exactly what it says, but take a few precautions before using it: only copy verified image files (check file extensions/MIME), avoid running cp on paths you don't trust, avoid copying files owned by other users or with sensitive content, sanitize destination filenames to avoid overwrites, watch for symlink traversal (do not follow untrusted symlinks), and periodically clean the media directory. If you delegate this to an autonomous agent, restrict its allowed source paths and add explicit validation steps so it can't be instructed to copy arbitrary system files.

Like a lobster shell, security has layers — review code before you run it.

latestvk977ryma3112qp692zze0tz17982v1gy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🖼️ Clawdis
Binscp

Comments