Embedding Strategies
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: embedding-strategies Version: 1.0.0 The skill bundle is a highly customized environment containing numerous scripts and configuration files that exhibit significant security vulnerabilities. The most critical indicator is the extensive presence of hardcoded sensitive credentials, including Aliyun API keys and Feishu (Lark) APP_SECRET tokens, found in files such as 'fetch_feishu_docs.py', 'scripts/debug-search-step.py', 'openclaw.json', and '2026-3-10afu的js备份.txt'. Additionally, several scripts ('hooks/gateway-restart-protection/handler.js' and 'scripts/triple-line-sync.js') utilize 'execSync' for shell command execution (e.g., running 'robocopy' or 'Start-Process'), which poses a high risk of command injection. While these capabilities appear intended for the author's personal automation and RAG (Retrieval-Augmented Generation) workflows, the lack of proper secret management and the use of powerful system calls make the bundle inherently risky for general use.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the intended skill will run a script, call an external image API, and write output files in the current working directory.
The declared workflow runs a local helper script, may use an API key, and writes generated PNG files. That is expected for this image-generation purpose, but users should understand this local command/API workflow.
uv run ~/.codex/skills/nano-banana-pro/scripts/generate_image.py --prompt "your image description" --filename "output-name.png" [--resolution 1K|2K|4K] [--api-key KEY]
Use only with prompts and input images you are comfortable sending to the provider, and keep output filenames/paths user-directed.
Installing the package could cause an agent to follow unrelated workspace/persona instructions instead of only helping with image generation.
This root instruction file attempts to impose broad agent-wide startup behavior and private-memory access, unrelated to image creation/editing.
Before doing anything else: ... Read `SOUL.md` ... Read `USER.md` ... Read `memory/YYYY-MM-DD.md` ... Don't ask permission. Just do it.
Remove AGENTS.md and all global agent-behavior instructions from the skill package; keep only instructions needed for image generation.
Secrets bundled with the skill could grant access to third-party services or local gateway functions and may already need revocation.
The artifact contains real-looking hardcoded provider API keys, Feishu app credentials, and a gateway token, while the registry declares no required credential.
"SERPER_API_KEY": "4312…", "DASHSCOPE_API_KEY": "sk-…", ... "appSecret": "t0am…", ... "token": "82a4…"
Do not install as-is. Revoke/rotate exposed credentials, remove all secrets from the package, and declare only the needed Gemini credential.
Users cannot easily tell what code or instructions they are actually installing, and unrelated files may affect the agent or expose private data.
The package includes a large unrelated workspace despite being presented as an instruction-only image skill, creating a major provenance and scope mismatch.
615 file(s): ... hooks/... memory/... skills/feishu-multi-agent-manager/... scripts/autonomous-thinking.js ... vectorize_memory.py
Repackage the skill as a minimal artifact containing only SKILL.md, the reviewed image helper script, and any necessary metadata/lockfiles.
If this unrelated hook code is loaded or invoked, it can run local system commands beyond the user’s image-generation request.
The static scan shows shell command execution in a gateway hook that is not part of the declared image-generation workflow.
execSync(`robocopy "${config.path}" "${backupPath}" /E /COPYALL /R:0`);Remove unrelated hook/script code from the package and review any remaining helper script before installation.
Private memories could be loaded into unrelated tasks, reused across sessions, or overwritten by instructions bundled with this skill.
The artifacts instruct broad persistent-memory reading and editing, and the manifest includes many memory/profile files unrelated to image generation.
Read `memory/YYYY-MM-DD.md` (today + yesterday) ... Also read `MEMORY.md` ... You can read, edit, and update MEMORY.md freely
Remove memory files and memory-management instructions; do not let an image skill read or modify persistent agent memory.
Unrelated chat/gateway integrations could expose data or grant account/channel access if activated.
The package includes enabled Feishu channel and local gateway configuration with credentials, not related to the image skill and with unclear communication boundaries.
"channels": { "feishu": { "enabled": true, ... "groupPolicy": "open", "streaming": true } }, "gateway": { "port": 18789, ... "auth": { "mode": "token" } }Remove Feishu/gateway configs from this skill and keep any inter-agent or chat integration in a separately reviewed, clearly scoped package.
The package may introduce or document persistent autonomous behavior beyond a user-invoked image request.
The artifacts describe scheduled background tasks and autonomous sync/indexing behavior that are not disclosed in SKILL.md and are unrelated to image generation.
Cron 任务: ... 每小时知识库索引更新 ... 每天 23:00 晚安记忆同步(OneDrive) ... 周三周报生成
Exclude cron/background-agent materials from the image skill and require explicit user approval for any persistent automation.