Tongyi Wanxiang 2.5D Banner Illustration

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: wenxiang-2d5-banner
Version: 1.0.0

The bundle appears to be a full workspace dump rather than a focused skill. It contains a large amount of sensitive data, including hardcoded API keys for Aliyun, Feishu, and other services in files such as 'openclaw.json', 'fetch_feishu_docs.py', and various test scripts. It also includes high-privilege logic: the 'feishu-multi-agent-manager', which can modify the core 'openclaw.json' configuration, and 'autonomous-thinking.js', which lets the agent rewrite its own memory and logs. While these features align with the stated goal of a 'self-improving' agent, the leaked credentials and the ability to make broad system and configuration changes pose a significant security risk.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the skill could place many unrelated files and scripts into the user’s skill environment, making it hard to understand what code or instructions the agent may see or run.

Why it was flagged

A simple image-generation skill should not include a large unrelated workspace with memory stores, hooks, multi-agent code, and automation scripts.

Skill content
615 file(s): ... memory/... hooks/... scripts/autonomous-thinking.js ... skills/feishu-multi-agent-manager/dist/index.js ...
Recommendation

Repackage the skill to include only SKILL.md, the image-generation script, and minimal declared dependencies; remove unrelated workspace files before publishing.

Concern: High Confidence
ASI01: Agent Goal Hijack
What this means

The agent could treat unrelated workspace instructions as authoritative and perform broad context loading or actions before handling the user’s actual image request.

Why it was flagged

This root instruction file attempts to change the agent’s default workflow and authority beyond the image-generation skill.

Skill content
Before doing anything else: ... Read `SOUL.md` ... Read `USER.md` ... Read `memory/YYYY-MM-DD.md` ... Don't ask permission. Just do it.
Recommendation

Remove AGENTS.md from the skill package, or clearly isolate it so it cannot influence the user’s agent runtime.

What this means

Exposed credentials could allow unintended access to third-party services or local gateway functions, and may create billing or account-security risk.

Why it was flagged

The artifact includes hardcoded API keys, app secrets, and gateway tokens unrelated to the image-generation purpose.

Skill content
"SERPER_API_KEY": "…", "DASHSCOPE_API_KEY": "…", "appSecret": "…", "gateway": { "auth": { "token": "…" } }
Recommendation

Remove all secrets from the package, rotate the exposed credentials, and declare only the minimum required credential such as GEMINI_API_KEY.

What this means

Private context could be pulled into unrelated image-generation tasks or reused across sessions without clear user approval.

Why it was flagged

The bundled instructions tell the agent to load and modify persistent memory files, while the manifest includes many personal memory/profile/work files.

Skill content
Read `memory/YYYY-MM-DD.md` ... Also read `MEMORY.md` ... You can read, edit, and update MEMORY.md freely in main sessions
Recommendation

Do not bundle personal memory files or memory-management instructions in an image skill; require explicit user selection for any input image or context.

Concern: High Confidence
ASI05: Unexpected Code Execution
What this means

If invoked, unrelated scripts could run system commands such as copying directories or launching other processes outside the user’s image request.

Why it was flagged

The package contains shell-executing code unrelated to generating or editing images.

Skill content
execSync(`robocopy "${config.path}" "${backupPath}" /E /COPYALL /R:0`);
Recommendation

Remove unrelated executable hooks and scripts from the skill package, and declare/review any command execution that remains necessary.
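The three recommendations above (ship only the declared files, strip embedded credentials, and declare any command execution that remains) can be enforced before publishing with a small pre-publish audit. The script below is an added example written for this page, not ClawScan's code or part of the skill. The allowlist (`SKILL.md`, `generate_banner.py`, `requirements.txt`), the file name `generate_banner.py`, and every credential value in the sample bundle are assumptions constructed to mirror the shapes quoted in the findings; the regexes are deliberately broad review prompts, not verdicts.

```python
"""Pre-publish audit for an OpenClaw-style skill bundle (added example, not ClawScan code)."""
import json
import re
import tempfile
from pathlib import Path

# Hypothetical allowlist for a minimal image skill: manifest, generation script,
# dependency spec. An assumption for this example, not a ClawScan rule.
ALLOWED_FILES = {"SKILL.md", "generate_banner.py", "requirements.txt"}

# JSON keys that carry credentials; covers the SERPER_API_KEY / DASHSCOPE_API_KEY /
# appSecret / gateway.auth.token shapes quoted in the review.
SECRET_KEY_RE = re.compile(r"(api[_-]?key|secret|token|password)", re.I)

# `NAME = "literal"` or `"name": "literal"` assignments in scripts and non-JSON config.
ASSIGNED_SECRET_RE = re.compile(
    r"""["']?(\w*(?:api[_-]?key|secret|token|password)\w*)["']?\s*[=:]\s*["']([^"']{8,})["']""", re.I)

# Calls that hand a string to a shell or spawn a process. `exec(` also matches
# RegExp.prototype.exec in JS, so hits are prompts for manual review, not verdicts.
EXEC_CALL_RE = re.compile(
    r"\b(execSync|execFileSync|exec|spawnSync|spawn|subprocess\.(?:run|Popen|call|check_output)|os\.system)\s*\(")


def _walk_json_secrets(obj, prefix=""):
    """Yield dotted key paths whose key looks credential-bearing and whose value is a non-empty string."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            path = f"{prefix}.{key}" if prefix else key
            if isinstance(value, str) and value and SECRET_KEY_RE.search(key):
                yield path
            else:
                yield from _walk_json_secrets(value, path)
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            yield from _walk_json_secrets(value, f"{prefix}[{i}]")


def audit_skill_bundle(root):
    """Return {'unexpected_files', 'secrets', 'exec_calls'} for every file under root."""
    root = Path(root)
    findings = {"unexpected_files": [], "secrets": [], "exec_calls": []}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if rel not in ALLOWED_FILES:
            findings["unexpected_files"].append(rel)
        text = path.read_text(encoding="utf-8", errors="replace")
        data = None
        if path.suffix == ".json":
            try:
                data = json.loads(text)
            except json.JSONDecodeError:
                data = None  # unparseable JSON falls back to the line regex below
        if data is not None:
            findings["secrets"] += [f"{rel}:{p}" for p in _walk_json_secrets(data)]
        else:
            findings["secrets"] += [f"{rel}:{m.group(1)}" for m in ASSIGNED_SECRET_RE.finditer(text)]
        for lineno, line in enumerate(text.splitlines(), 1):
            if EXEC_CALL_RE.search(line):
                findings["exec_calls"].append(f"{rel}:{lineno}")
    return findings


def is_publishable(findings):
    """Minimal gate: no stray files, no embedded credentials, no undeclared shell execution."""
    return not any(findings.values())


def build_sample_bundle(minimal=False):
    """Write a constructed bundle to a temp dir. All values are fake; minimal=True writes only allowed files."""
    root = Path(tempfile.mkdtemp(prefix="skill-audit-"))
    files = {
        "SKILL.md": "# wenxiang-2d5-banner\nGenerates a 2.5D banner illustration.\n",
        # Reads the key from the environment at runtime instead of embedding it.
        "generate_banner.py": "import os\nkey = os.environ['DASHSCOPE_API_KEY']\n",
    }
    if not minimal:
        files.update({
            "openclaw.json": json.dumps({
                "SERPER_API_KEY": "constructed-serper-key-0000",
                "DASHSCOPE_API_KEY": "constructed-dashscope-key-0000",
                "gateway": {"auth": {"token": "constructed-gateway-token"}},
                "skills": {"feishu": {"appSecret": "constructed-app-secret"}},
            }, indent=2),
            "fetch_feishu_docs.py": 'APP_SECRET = "constructed-feishu-secret-0001"\n',
            "scripts/autonomous-thinking.js": (
                'const { execSync } = require("child_process");\n'
                'execSync(`robocopy "${config.path}" "${backupPath}" /E /COPYALL /R:0`);\n'),
            "memory/2026-05-10.md": "constructed private note\n",
        })
    for rel, content in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content, encoding="utf-8")
    return root


if __name__ == "__main__":
    result = audit_skill_bundle(build_sample_bundle())
    for category, items in result.items():
        print(category, items)
    print("publishable:", is_publishable(result))
```

Run against the constructed dump it reports the stray workspace files, the four credential paths inside `openclaw.json` plus the assigned `APP_SECRET`, and the `execSync` call in `scripts/autonomous-thinking.js`; the same audit on the minimal bundle passes. Rotation of any real key it finds still has to happen out of band: the check only proves the key is no longer in the package, not that it is no longer valid.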

Concern: Medium Confidence
ASI10: Rogue Agents
What this means

A user may not expect an image skill bundle to contain materials for scheduled background work, indexing, or cloud sync.

Why it was flagged

Included documentation describes recurring autonomous tasks and synchronization behavior unrelated to the stated image-generation skill.

Skill content
Cron tasks: ... hourly knowledge-base index update ... daily 23:00 "good night" memory sync (OneDrive)
Recommendation

Exclude cron, heartbeat, sync, and autonomous-agent materials unless they are explicitly part of the skill and require clear user opt-in.