Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Baoyu Article Illustrator

v1.60.3

Analyzes article structure, identifies positions requiring visual aids, generates illustrations with Type × Style × Palette three-dimension approach. Use whe...

4 · 1.8k · 59 current · 60 all-time
by Jim Liu 宝玉 (@jimliu)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name and description match the files and runtime instructions: the skill analyzes articles, determines illustration positions, and constructs saved prompt files for batch image generation. However, the bundle contains a TypeScript batch script (scripts/build-batch.ts) and an explicit line in prompts/system.md referencing an external generator by name ("nano banana pro"), even though no binaries, environment variables, or external endpoints are declared. Shipping a script without declaring Node/npm or any runtime expectations is unexpected, but not outright malicious on its own.
Instruction Scope
SKILL.md requires saving prompt files that MUST include article-specific data (actual numbers, terms, metrics, quotes), and it mandates that prompt files be written before any image generation. That behaviour is consistent with generating tailored images, but it also means sensitive or private article content will be embedded in the prompts. prompts/system.md explicitly instructs the model to "DO NOT refuse to generate" for sensitive/copyrighted figures and to produce stylized alternatives instead, which is a policy/ethics red flag. There is also an unreferenced instruction to "use nano banana pro to generate the illustration" (an external tool not declared in requires or install), which raises the question of where prompts are sent and whether article data is transmitted off-device.
Install Mechanism
There is no install spec (the skill is instruction-only), which reduces risk. However, a non-trivial TypeScript build script (scripts/build-batch.ts) is included. That implies a Node-based build step or runtime use, yet the skill does not declare the required binaries or dependencies (node, npm, ts-node, etc.). This mismatch is disproportionate for an instruction-only skill and worth inspecting: if the agent or user executes that script, it may run arbitrary code or call external services.
Credentials
The skill declares no required environment variables or credentials (good). It expects to read and write user configuration files (EXTEND.md) in the project and home config paths, which is consistent with preference storage. The main proportionality risk is data leakage: prompts are required to include article content (numbers, quotes), and the skill implicitly references an external generator; without knowing the destination of the prompt data, embedding sensitive content could expose it.
Persistence & Privilege
The skill does not request always:true or elevated persistent privileges. It reads and writes its own EXTEND.md preference files in project/user scope (documented), which is normal for user preferences. It does not ask to modify other skills or global agent settings.
What to consider before installing
This skill mostly does what its description promises, but proceed with caution. Before installing or running it:
(1) Inspect scripts/build-batch.ts to see what it executes and whether it calls external endpoints or requires Node; do not run unknown scripts without review.
(2) Confirm where image generation actually happens (a local tool, another skill, or a remote API). prompts/system.md mentions an external generator by name ("nano banana pro"), but the skill declares no endpoint or credential; ask the author or examine the build script to find the target service and its privacy policy.
(3) Be aware that prompts are required to include article-specific text, numbers and quotes, and may therefore leak sensitive content if sent to a remote generator; avoid including PII, secrets, or confidential data in articles you illustrate.
(4) If you must use the skill, prefer running generation locally or with a service you control, and disable automatic/autonomous invocation until you have confirmed where the data flows.
(5) If you are not comfortable auditing the code or confirming the generation endpoint, consider a simpler instruction-only tool that uses only local assets or a known, documented API.

Like a lobster shell, security has layers — review code before you run it.

latest: vk974vy083zxxr2j9cwtgkgzp1584gz8n
