Skill v1.0.0
ClawScan security
emo-img — Give Your AI Emotional Expression · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 5, 2026, 8:59 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent with its stated purpose (managing and sending sticker images); it reads/writes a local sticker folder and performs network searches/downloads from Tenor, and nothing in the files requests unrelated credentials or system-wide access.
- Guidance
- This skill appears to do what it says: search local stickers, query Tenor, download images, and send them via the agent. Before installing, note:
  - The skill will create and write files to ~/.openclaw/stickers (or STICKER_DIR) — pick a directory you are comfortable with.
  - Downloads come from external URLs (Tenor or user-supplied). Only download/trust images from sources you trust. Maliciously crafted image files can be a vector for exploits in vulnerable image parsers—use caution before opening or forwarding unknown files.
  - The script falls back to disabling SSL verification if it can't find a CA bundle; this increases the risk of tampered downloads on hostile networks. If possible, ensure a valid CA bundle is available or run with certifi installed.
  - If you have concerns about network calls or storing external content, do not enable autonomous invocation or set the skill to always-on; instead run it manually and review downloads before sending.
  - Optionally set TENOR_API_KEY to your API key to avoid demo rate limits, and set STICKER_DIR to a location you control.

  Overall the skill is coherent and proportionate for its stated function; the primary risks are typical for any tool that downloads and stores external media.
Review Dimensions
- Purpose & Capability
- ok: Name/description (sticker search, download, send) matches the included script and SKILL.md. Required binary is python3 only. Declared overridable STICKER_DIR and optional TENOR_API_KEY are appropriate for a sticker manager.
- Instruction Scope
- note: Instructions limit actions to searching local index, calling Tenor, downloading images, and sending media via the agent's message tool. One minor mismatch: SKILL.md claims the agent will "auto-detect" channel context and "works for ALL channels" — those behaviors are provided by the agent/platform, not the script. Otherwise the runtime instructions do not request unrelated files, credentials, or system state.
- Install Mechanism
- ok: Instruction-only install (no external installers) and a small python script are included. No network-based install or archive extraction is performed at install time.
- Credentials
- note: No sensitive credentials are required. The script optionally reads TENOR_API_KEY and STICKER_DIR which are relevant to its purpose. Minor concerns: the script embeds a Tenor demo API key (non-secret fallback) and, as a last resort, it creates an SSL context that disables certificate verification (ctx.verify_mode = CERT_NONE) — this weakens TLS checks for downloads and could allow MITM/tampered downloads if a host has no available CA bundle.
- Persistence & Privilege
- ok: always:false and the script only writes inside its own sticker directory (~/.openclaw/stickers by default or STICKER_DIR). It does not modify other skills or system-wide agent configuration.
