Horse Sticker Maker

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: horse-sticker-maker
Version: 1.0.0

The skill bundle is designed to create AI-generated blessings and GIF stickers. It is classified as 'suspicious' due to the potential for prompt injection against the underlying Large Language Models (Google Gemini/Imagen) in `assets/horse-blessing-template/app/api/generate/route.ts` and `assets/horse-blessing-template/app/api/sticker/route.ts`. User input is directly embedded into the prompts, which could allow a sophisticated attacker to manipulate the LLM's output beyond the intended scope. While this is a vulnerability in LLM interaction, there is no clear evidence of intentional malicious behavior by the skill developer, such as data exfiltration, persistence, or unauthorized system access. The use of environment variables for API keys and loading `gif.js` from a CDN are standard practices and not inherently malicious within this context.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user may deploy the app without realizing it needs provider API keys that can incur quota or billing usage.

Why it was flagged

The code requires a server-side Google API key, while the registry metadata says there are no required env vars or primary credentials. This under-discloses credential requirements and scope.

Skill content

const API_KEY = process.env.GOOGLE_API_KEY!
const BASE = process.env.GOOGLE_API_BASE || 'https://aiplatform.googleapis.com/v1/publishers/google/models'

Recommendation

Declare the required API keys, document the needed scopes and billing impact, and tell users how to restrict keys to the intended Google/Gemini APIs.

What this means

If deployed publicly, visitors or bots could repeatedly call the endpoint and consume the deployer's API quota or generate costs.

Why it was flagged

The route accepts public POST input and triggers provider image generation using the server API key. The provided route code shows input length checks, but no authentication, rate limiting, quota control, or abuse protection.

Skill content

import { NextRequest, NextResponse } from 'next/server'

export async function POST(req: NextRequest) {
  ...
  // Server-side API key is used here; no auth or rate limit guards the call
  const imageDataUrl = await geminiGenerateImage(prompt)

  return NextResponse.json({ image: imageDataUrl })
}

Recommendation

Add authentication, rate limiting, quotas, and abuse monitoring before production deployment, or keep the app private.

What this means

Names or blessing text entered into the app may be sent to Google/Gemini for generation.

Why it was flagged

User-provided names are incorporated into prompts sent to an external AI provider. This is purpose-aligned, but users should know their input leaves the app server.

Skill content

const { name } = await req.json()
...
const textRaw = await geminiGenerate(textPrompt)

Recommendation

Disclose the external AI data flow in the app UI and privacy notes, and advise users not to enter sensitive personal information.

What this means

Users' browsers depend on the CDN-served script behaving as expected.

Why it was flagged

The client loads third-party JavaScript from a CDN at runtime. This is purpose-aligned for GIF generation, but no subresource integrity or local vendoring is shown.

Skill content

src="https://cdn.jsdelivr.net/npm/gif.js@0.2.0/dist/gif.js"

Recommendation

Vendor the script locally or add integrity checking where possible, and review npm dependencies before deployment.