Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Url Images To Pdf

v1.0.2

Extract images from a URL and generate a PDF (keeps the original order, no sorting)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill claims to extract images from arbitrary webpage URLs, but the implementation only matches WeChat-style image URLs (the regexes target mmbiz.qpic.cn and mmbiz.* hosts). Because of that mismatch it will miss images on most non-WeChat pages despite its general description.
Instruction Scope
SKILL.md lists only Node.js and pdfkit as requirements, but the script fetches the page by calling curl through execSync, and curl is not declared as a dependency. More importantly, the command is a shell string that interpolates the user-supplied URL: execSync(`curl -sL -A "Mozilla/5.0" "${url}"`, …). execSync hands that string to /bin/sh, which still expands $(...), backticks and backslashes inside double quotes and can be broken out of with a stray double quote, so a crafted URL (for example one containing $(...)) runs attacker-chosen commands as the user executing the skill. The script also writes to /tmp and the current working directory (expected) and downloads remote images (expected).
Install Mechanism
There is no install spec and no external downloads in install-time metadata; the skill is instruction + a local JS file. That is lower risk than arbitrary remote installers.
Credentials
The skill requests no environment variables or credentials and does not access any system credentials or config paths beyond writing temporary files to /tmp and the output PDF to the current directory.
Persistence & Privilege
The skill is not always-enabled, does not request persistent system-wide changes, and does not modify other skills' configurations.
What to consider before installing
This script is functionally coherent but has two actionable issues to weigh before installing or running it: (1) It is narrowly targeted to WeChat (mmbiz) image URLs even though the doc claims general webpage support; expect it to miss images on many sites. (2) Command injection: the code uses execSync with a shell string that includes the raw URL. If you or the agent will pass URLs you don't control, don't run it as-is.

Suggested mitigations: replace the curl execSync call with an HTTP fetch implemented in Node (https/http, the built-in fetch, or node-fetch/axios), or keep curl but invoke it via child_process.execFile or spawn with an argument array rather than a single shell string; validate and strictly sanitize the URL before use (parse it, allow only https URLs, and reject shell-sensitive characters such as backticks, $(, double quotes, backslashes and semicolons); and declare curl as a dependency in SKILL.md if you keep it. Also consider widening the image-extraction regexes or making them configurable if you expect non-mmbiz pages. Finally, test the script in an isolated environment (sandbox) before running it on sensitive hosts.
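The flagged pattern next to a hardened replacement, as an added example written for this listing rather than code taken from the skill. The skill's source is not reproduced here: unsafeCurlCommand only rebuilds the one execSync call the scan quotes, and the function names, the forbidden-character set, the sample HTML and the host filter are assumptions made for the example.

```javascript
"use strict";
// Added example for this listing, not the skill's own code. It reconstructs
// the flagged call (a curl command string built from the raw URL) and shows a
// hardened path: validate the URL, then hand it to curl as an argv element via
// execFile so /bin/sh never sees it. Names and sample data are assumptions.

// Vulnerable pattern (reconstructed from the scan). /bin/sh expands $(...),
// backticks and backslashes inside double quotes, and a literal `"` closes the
// quoted string, so https://example.com/$(id) runs `id`. Never execSync() this.
function unsafeCurlCommand(url) {
  return `curl -sL -A "Mozilla/5.0" "${url}"`;
}

// Hardened input check. Note that WHATWG URL parsing percent-encodes `"` and
// backticks in a path but leaves `$`, `(` and `)` intact, so parsing alone
// does not neutralise $(...); the raw string is screened first.
const FORBIDDEN = /[^\x21-\x7e]|["'`$\\]/; // non-printable/non-ASCII or shell-sensitive
function validateFetchUrl(raw) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) {
    throw new Error("bad url length");
  }
  if (FORBIDDEN.test(raw)) throw new Error("url contains forbidden characters");
  let u;
  try { u = new URL(raw); } catch { throw new Error("unparseable url"); }
  if (u.protocol !== "https:") throw new Error("only https:// is allowed");
  if (!u.hostname) throw new Error("missing host");
  if (u.username || u.password) throw new Error("credentials in url not allowed");
  return u.href; // normalised form (lower-cased host, trailing slash, etc.)
}

// argv for execFile: no shell involved, and `--` stops curl from reading a
// leading-dash argument as an option.
function curlArgs(url) {
  return ["-sL", "-A", "Mozilla/5.0", "--", validateFetchUrl(url)];
}

// Same fetch as the skill, but curl receives the URL as a separate argument.
async function fetchPageWithCurl(url) {
  const args = curlArgs(url); // validated before any process is started
  const { execFile } = await import("node:child_process");
  return new Promise((resolve, reject) => {
    execFile("curl", args, { maxBuffer: 16 * 1024 * 1024 }, (err, stdout) =>
      err ? reject(err) : resolve(stdout));
  });
}

// Alternative with no external binary at all (Node 18+ global fetch), which
// also removes the undeclared curl dependency.
async function fetchPageNative(url) {
  const res = await fetch(validateFetchUrl(url), {
    headers: { "user-agent": "Mozilla/5.0" },
    redirect: "follow",
  });
  if (!res.ok) throw new Error(`HTTP ${res.status}`);
  return res.text();
}

// Image extraction with a configurable host filter instead of hard-coded mmbiz
// patterns. First-appearance order is kept (the skill's stated goal), relative
// URLs are resolved against the page URL, non-http(s) sources are dropped.
const IMG_RE = /<img\b[^>]*?\s(?:data-src|src)=["']([^"']+)["']/gi;
function extractImageUrls(html, pageUrl, hostPattern = /./) {
  const seen = new Set();
  for (const m of html.matchAll(IMG_RE)) {
    let u;
    try { u = new URL(m[1], pageUrl); } catch { continue; }
    if (!/^https?:$/.test(u.protocol) || !hostPattern.test(u.hostname)) continue;
    seen.add(u.href);
  }
  return [...seen];
}

// Constructed sample page (not from any real site) for a stand-alone run.
const SAMPLE_HTML = `
<img data-src="https://mmbiz.qpic.cn/mmbiz_jpg/abc/0?wx_fmt=jpeg" src="data:image/gif;base64,R0lGOD">
<p>text</p>
<img src="/static/one.png">
<img src="https://mmbiz.qpic.cn/mmbiz_jpg/abc/0?wx_fmt=jpeg">
<img src="https://cdn.example.org/two.png">`;
```

Usage: `extractImageUrls(SAMPLE_HTML, "https://example.com/article", /(^|\.)mmbiz\.qpic\.cn$/)` reproduces the skill's WeChat-only behaviour, while the default pattern accepts any host. The validation here controls what reaches the shell, not where the request goes: curl -sL and fetch both follow redirects, so if the agent can be induced to pass internal hostnames, add a host allowlist on top.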

Like a lobster shell, security has layers — review code before you run it.

Tags: extraction · images · latest · pdf
