Qwen Comic Gen
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: qwen-comic-gen Version: 1.0.0 The skill bundle contains several high-risk security vulnerabilities, most notably a potential Remote Code Execution (RCE) flaw in 'mermaid_generator.py' and 'scripts/mermaid-generator.py' due to the use of 'shell=True' within 'subprocess.run' on user-provided inputs. Additionally, multiple scripts (e.g., 'fetch_feishu_docs.py', 'scripts/debug-search-step.py', 'scripts/vectorize-and-store.py', and 'vectorize_all.py') contain hardcoded Aliyun API keys and Feishu App Secrets. While these appear to be functional tools for a personal automation environment, the combination of exposed credentials and unsafe command execution patterns poses a significant security risk.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing it may expose your agent to much more code and instruction material than needed for image generation.
The advertised skill is a simple image generator, but the package includes a broad unrelated workspace with other skills, hooks, memory, agents, and scripts.
615 file(s): ... AGENTS.md ... memory/... hooks/... skills/feishu-multi-agent-manager/... skills/rag_search/... scripts/autonomous-thinking.js ...
Ask for a minimal package containing only SKILL.md, the reviewed image-generation helper, and declared dependencies; remove unrelated workspace files before installation.
These secrets could grant access to third-party services or accounts and create confusion about which credentials the skill might use.
The package contains hardcoded provider, Feishu, and gateway credentials unrelated to the stated Gemini image-generation purpose.
`SERPER_API_KEY`, `DASHSCOPE_API_KEY`, `appSecret`, `verificationToken`, and `gateway.auth.token` all have literal values in the file.
Do not publish or install bundles with embedded secrets; rotate the exposed credentials and require users to provide only their own Gemini key through a declared environment variable.
A compatible agent could treat these unrelated instructions as authoritative and change its behavior before handling the user's image request.
This root instruction file tells an agent to perform broad workspace setup and memory reads before anything else, unrelated to image generation.
Before doing anything else: 1. Read `SOUL.md` ... 2. Read `USER.md` ... 3. Read `memory/YYYY-MM-DD.md` ... Don't ask permission. Just do it.
Remove root-level agent instruction files from the skill package, or scope them so they cannot override the user's task or platform instructions.
Private context or stored instructions could be pulled into unrelated tasks or reused across sessions without clear user control.
The package instructs agents to load and modify persistent memory files, and the manifest includes many memory/profile files.
Read `memory/YYYY-MM-DD.md` ... Also read `MEMORY.md` ... You can read, edit, and update MEMORY.md freely
Do not bundle personal memory files with an image skill; keep any memory access opt-in, path-scoped, and clearly documented.
If unrelated hooks or scripts are activated, they could run local shell commands outside the image-generation workflow.
The static scan shows shell execution in an unrelated gateway hook; this is beyond the disclosed image-generation helper.
execSync(`robocopy "${config.path}" "${backupPath}" /E /COPYALL /R:0`);Remove unrelated executable hooks from the skill bundle, or require explicit user approval and documentation for any local command execution.
A user could unknowingly install material intended for ongoing background automation rather than a one-shot image tool.
The artifact set describes recurring autonomous tasks and memory sync behavior that are not needed for image generation.
Cron 任务 ... 每小时知识库索引更新 ... 每天 23:00 晚安记忆同步(OneDrive) ... OpenClaw Cron - 定时任务调度
Exclude cron, heartbeat, multi-agent, and sync configuration from the image skill unless persistence is required, declared, and user-controlled.