Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ellya--OOTD

v1.0.2

OpenClaw virtual companion skill. Use it to bootstrap runtime files (SOUL and base image), guide user personalization, learn and store style prompts from upl...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's code and docs implement an image-style learning and generation assistant (Gemini/Minimax providers), which matches the description. However, registry metadata declares no required environment variables while README and code clearly expect GEMINI_API_KEY and Minimax-related variables (MINIMAX_API_KEY, MINIMAX_BASE_URL, etc.). That mismatch between declared requirements and actual code is an inconsistency that reduces trust.
Instruction Scope
Runtime instructions ask the agent to read/write SOUL.md, assets/base.*, styles/, and to run scripts that will convert and upload images to external providers. ANALYSIS_PROMPT.md instructs the model to infer sensitive attributes (ethnicity, age, micro facial features). The SKILL.md also allows autonomous generation flows (e.g., 'take a selfie' => auto-select styles and generate) which will cause user photos to be sent to external services without additional explicit confirmation. These behaviors expand the scope beyond simple local file management and carry privacy/exfiltration risks.
Install Mechanism
There is no install spec (instruction-only), which minimizes supply-chain install risk. However, the package includes Python scripts that will be present on disk and executed via 'uv run'—there is no third-party download, but the code will call external network endpoints (Google genai, custom Minimax endpoints).
Credentials
The code expects API keys and service URLs (Gemini and Minimax), plus it calls load_dotenv(), which will read .env files in the repo/parent directories—this can unintentionally surface unrelated secrets to the running process. The skill's declared required env vars are empty in registry metadata, but the code will raise errors or attempt to use GEMINI_API_KEY, MINIMAX_API_KEY, MINIMAX_BASE_URL, etc. Requesting multiple external-service credentials and a base URL that can point to an arbitrary host increases the blast radius if misconfigured.
Persistence & Privilege
The skill does not request always: true and does not modify other skills or global agent settings in the provided files. It stores and reads files within its own directory (SOUL.md, assets/, styles/), which is expected for this use case.
What to consider before installing
Before installing, consider the following:
(1) The skill will upload user images and analysis text to external image/LLM providers (Gemini or a Minimax endpoint). If you care about privacy, don't provide real personal photos or set provider endpoints to untrusted hosts.
(2) Registry metadata does not list required env vars, but the code expects GEMINI_API_KEY and Minimax-related variables (MINIMAX_API_KEY, MINIMAX_BASE_URL, etc.). Verify what keys/endpoints you'll configure and ensure they are trustworthy.
(3) The code calls load_dotenv(), which can load a .env from parent directories — check your repository for sensitive secrets before running.
(4) ANALYSIS_PROMPT.md explicitly instructs the model to infer ethnicity and age and very fine facial details — if you want to avoid sensitive-attribute inference, remove or edit that prompt before use.
(5) Decide your consent policy: the skill can auto-generate/auto-upload images when asked 'take a selfie' or when you upload an appearance photo; if that is unacceptable, modify the SKILL.md/handler to require explicit confirmation before sending images to external services.
If you are not comfortable with these issues or cannot verify provider trust, do not install or run the scripts.

Like a lobster shell, security has layers — review code before you run it.
