Back to skill

Security audit

Happy IMG2 Direct

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it generates images through a configured external image provider, with local outputs and run logs.

Install only if you trust the configured OpenClaw image provider and API key. Treat prompts as data sent to that provider and also stored locally in run or batch directories, so avoid secrets, regulated personal data, or confidential material unless that provider and local retention are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill description and usage text do not clearly warn users that prompts and related generation parameters are transmitted to an external OpenAI-compatible image provider. Users may include sensitive, proprietary, or regulated information in prompts under the assumption processing is local, resulting in unintentional third-party disclosure.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The batch runner persists the full request, per-task metadata, prompts, command details, and captured stdout/stderr into workspace files. In an agent setting, prompts can contain secrets, proprietary text, personal data, or internal identifiers, so indiscriminate logging creates a durable data exposure risk for anyone with workspace access or for later tooling that scans these directories.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script persistently writes the raw user prompt, outputs, stdout/stderr, and structured results to disk under `~/.openclaw/generated-images/_runs`, which can expose sensitive prompts, generated content, file paths, and error details to other local users, backups, or later forensic access. Because prompts may contain secrets, personal data, or proprietary material, this creates a real confidentiality and privacy risk even though it is likely intended for debugging and traceability.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/generate-image.js:12