emo-img — Give Your AI Emotional Expression

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill mostly matches its stated sticker-sending purpose, but its file-saving logic does not confine user-supplied sticker names to the sticker folder.

Review or patch the path handling before installing. If you use it, avoid letting untrusted people choose sticker names or URLs, confirm the target chat before sending media, and remember that online sticker searches go to Tenor.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malicious or careless prompt that influences the sticker name could cause the agent to write a copied or downloaded file outside the intended sticker collection, anywhere the user's account has write access.

Why it was flagged

The CLI-provided sticker name is incorporated into a filesystem path without rejecting '..' or path separators, so a crafted name could write a copied/downloaded file outside the advertised sticker directory.

Skill content
    dest_name = name or src.stem
    dest_file = STICKER_DIR / f"{dest_name}{src.suffix}"
    ...
    dest_name = name or "sticker"
    dest_file = STICKER_DIR / f"{dest_name}{ext}"
Recommendation

Sanitize sticker names, reject path separators and '..', resolve the final path, and enforce that all writes stay under ~/.openclaw/stickers.

What this means

On systems where no certificate bundle is found, an attacker on the network path could tamper with Tenor search results or downloaded sticker files, though the artifacts do not show the skill executing downloaded files.

Why it was flagged

If no certificate bundle is found, the helper falls back to disabling TLS certificate verification for Tenor searches and downloads.

Skill content
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
Recommendation

Fail closed when certificate verification is unavailable, or clearly warn the user before using an unverified connection.
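The fail-closed alternative, as an added example that is not the skill's own code: instead of dropping to `CERT_NONE` when no bundle is found, the helper tries each candidate bundle, falls back to the system trust store, and refuses to return a context whose CA store is empty. The bundle locations, the `NoTrustStoreError` name and the `search_tenor` wrapper are assumptions for illustration; the Tenor `v2/search` URL is the one the skill uses.

```python
"""Fail-closed TLS context for Tenor calls (added example, not emo-img's code)."""
import json
import os
import ssl
from pathlib import Path
from urllib.parse import urlencode
from urllib.request import HTTPSHandler, build_opener


class NoTrustStoreError(RuntimeError):
    """Raised instead of silently downgrading to an unverified connection."""


def candidate_bundles():
    """CA bundle locations to try, most specific first (assumed list)."""
    paths = []
    env = os.environ.get("SSL_CERT_FILE")  # OpenSSL's own override variable
    if env:
        paths.append(env)
    try:
        import certifi  # optional dependency; skipped if absent
        paths.append(certifi.where())
    except ImportError:
        pass
    paths += [
        "/etc/ssl/certs/ca-certificates.crt",  # Debian/Ubuntu
        "/etc/pki/tls/certs/ca-bundle.crt",    # RHEL/Fedora
        "/etc/ssl/cert.pem",                   # macOS/BSD
    ]
    return paths


def make_tls_context(bundle_candidates, allow_system_store=True):
    """Return a verifying SSLContext or raise NoTrustStoreError; never CERT_NONE."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    loaded = False
    for p in bundle_candidates:
        if not p or not Path(p).is_file():
            continue
        try:
            ctx.load_verify_locations(cafile=p)
            loaded = True
            break
        except ssl.SSLError:
            continue  # unreadable or empty PEM: try the next candidate
    if not loaded and allow_system_store:
        ctx.load_default_certs()  # OpenSSL's compiled-in system paths
    # The actual fail-closed check: an empty CA store means every handshake
    # would fail verification, so refuse rather than disable verification.
    if ctx.cert_store_stats()["x509_ca"] == 0:
        raise NoTrustStoreError(
            "no CA certificates available; refusing to contact Tenor unverified"
        )
    return ctx


def tls_context_available(bundle_candidates, allow_system_store=True):
    """True if a verifying context can be built from the given inputs."""
    try:
        make_tls_context(bundle_candidates, allow_system_store)
        return True
    except NoTrustStoreError:
        return False


def search_tenor(query, api_key, limit=8):
    """Query Tenor over a verified connection only (performs network I/O)."""
    ctx = make_tls_context(candidate_bundles())
    params = urlencode({"q": query, "key": api_key, "limit": limit})
    url = f"https://tenor.googleapis.com/v2/search?{params}"
    opener = build_opener(HTTPSHandler(context=ctx))
    with opener.open(url, timeout=10) as resp:
        return json.load(resp)


if __name__ == "__main__":
    print("system store usable:", tls_context_available([]))
    print("no store, no fallback:", tls_context_available([], allow_system_store=False))
```

`cert_store_stats()["x509_ca"]` is what distinguishes "verification configured" from "verification possible": a context can be `CERT_REQUIRED` yet hold no trust anchors, which is exactly the situation the skill papers over by switching to `CERT_NONE`.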

What this means

Sticker search terms may reveal a small amount of chat context to an external provider.

Why it was flagged

Online searches send the user's sticker search query to Tenor, which is consistent with the disclosed online-search feature.

Skill content
url = f"https://tenor.googleapis.com/v2/search?{params}"
Recommendation

Avoid using sensitive conversation text as sticker search terms, and use an appropriately scoped Tenor API key if configuring one.

What this means

If the local sticker index is corrupted or edited, the agent could send the wrong local file path as media.

Why it was flagged

A persistent local index controls which file paths the agent later treats as stickers to send.

Skill content
Index file: `~/.openclaw/stickers/index.json` ... Local results have a `file` path ... use the `file` path directly
Recommendation

Validate indexed file paths before sending or removing stickers, and keep entries constrained to the sticker storage directory.
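A hardened version of the path handling flagged in the first finding, which also covers the index-validation recommendation above, as an added example that is not the skill's own code: sticker names are restricted to a safe character set (so `..` and separators cannot appear), the destination is resolved and checked to lie under the sticker directory (catching a planted symlink as well as traversal), and index entries whose `file` path is relative, non-existent, or outside the sticker directory are dropped before use. The directory is a scratch directory rather than `~/.openclaw/stickers`, and the index entries are constructed sample data.

```python
"""Contained sticker paths and index validation (added example, not emo-img's code)."""
import json
import os
import re
import tempfile
from pathlib import Path

# Letters, digits, '-' and '_' only: no separators, no '..', no hidden files.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")
ALLOWED_EXT = {".png", ".gif", ".webp", ".jpg", ".jpeg"}


def is_within(base, candidate):
    """True if candidate, after resolving symlinks, lies under base."""
    try:
        Path(candidate).resolve().relative_to(Path(base).resolve())
        return True
    except ValueError:
        return False


def safe_sticker_path(sticker_dir, name, ext):
    """Build sticker_dir/<name><ext> or raise ValueError.

    Rejects names with separators or '..', unknown extensions, and any
    destination that resolves (for example via a pre-planted symlink)
    outside sticker_dir.
    """
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"rejected sticker name {name!r}")
    ext = ext.lower()
    if ext not in ALLOWED_EXT:
        raise ValueError(f"rejected extension {ext!r}")
    dest = Path(sticker_dir) / f"{name}{ext}"
    if not is_within(sticker_dir, dest):
        raise ValueError(f"{dest} escapes {sticker_dir}")
    return dest


def name_is_safe(sticker_dir, name, ext=".png"):
    try:
        safe_sticker_path(sticker_dir, name, ext)
        return True
    except ValueError:
        return False


def load_trusted_index(sticker_dir, index_path):
    """Keep only entries whose 'file' is an existing regular file under sticker_dir."""
    entries = json.loads(Path(index_path).read_text())
    kept = []
    for entry in entries:
        file = Path(str(entry.get("file", "")))
        if file.is_absolute() and is_within(sticker_dir, file) and file.is_file():
            kept.append(entry)
    return kept


def demo():
    """Exercise the checks in a scratch directory with constructed inputs."""
    root = Path(tempfile.mkdtemp())
    stickers = root / "stickers"
    stickers.mkdir()
    (stickers / "happy.png").write_bytes(b"\x89PNG")   # constructed sample sticker
    (root / "outside.png").write_bytes(b"\x89PNG")     # file outside the collection
    try:
        os.symlink(root / "outside.png", stickers / "planted.png")
        symlink_planted = True
    except OSError:
        symlink_planted = False
    index = stickers / "index.json"
    index.write_text(json.dumps([
        {"name": "happy", "file": str(stickers / "happy.png")},
        {"name": "evil", "file": str(root / "outside.png")},
        {"name": "rel", "file": "index.json"},
        {"name": "link", "file": str(stickers / "planted.png")},
    ]))
    return {
        "plain": name_is_safe(stickers, "happy"),
        "traversal": name_is_safe(stickers, "../../.ssh/authorized_keys"),
        "slash": name_is_safe(stickers, "sub/evil"),
        "bad_ext": name_is_safe(stickers, "happy", ".py"),
        "symlink": name_is_safe(stickers, "planted"),
        "symlink_planted": symlink_planted,
        "index_kept": [e["name"] for e in load_trusted_index(stickers, index)],
    }


if __name__ == "__main__":
    print(demo())
```

The character allow-list is what makes the containment check cheap to reason about; `resolve()` plus `relative_to()` is kept as a second layer because a name that passes the regex can still name a symlink someone placed in the sticker directory earlier.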