blog-image-embedder
Status: Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: blog-image-embedder
Version: 1.0.4

The skill contains potential shell injection vulnerabilities in SKILL.md within the 'resolve_latest_polished' and 'read_polished' workflow steps. Specifically, the use of unvalidated variables in shell commands like 'ls -t "$outputDir"/*.md' and 'cat "$polishedPath"' could allow for arbitrary command execution if the directory or filenames are manipulated. While the overall logic is consistent with the stated purpose of processing blog images, the lack of input sanitization in shell execution blocks represents a significant security risk.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may process the newest markdown file in the configured output directory, so an unintended draft could be used if that directory contains multiple files.
The workflow uses shell-style file listing and reading to select and load markdown content. This is consistent with the stated purpose, but it may choose the latest file in outputDir rather than only a user-specified path.
polishedPath="$(ls -t "$outputDir"/*.md | head -n 1)"
...
markdownContent="$(cat "$polishedPath")"
Before running it, confirm outputDir and polishedPath point to the intended blog file.
Private or unpublished blog content could be exposed to the selected model provider during prompt generation.
The skill uses an LLM/image model flow to parse sections and generate image prompts. This is central to the skill, but it means blog titles, summaries, or prompt content may be sent to the configured model provider.
parse_sections ... llm: true ... generate_prompts ... image: true ... model: ${imageModel}
Use this only with content suitable for the configured provider, and review provider/privacy settings if the blog draft is sensitive.
