Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Poetry Daily Art

v1.0.0

Generate daily Chinese classical poetry art cards — AI-generated landscape painting paired with poem text, delivered to chat. Use when the user asks for poet...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description (generate poem art cards) matches the included script and instructions: they build an image prompt from a poem title, generate an image via an image CLI, and send it as a message. However, the SKILL.md advertises use with a cron and a 'message' tool (Telegram delivery) and mentions MiniMax; those required credentials/tools are not declared in the skill metadata. This is a mismatch between declared requirements (none) and what the skill actually needs.
Instruction Scope
SKILL.md says to read data/poem_study_progress.json (relative) and archive/poem/, but the script hardcodes absolute paths under /Users/hwang/.openclaw/workspace (progress file, memory/*.md, output dir). The script also falls back to scanning memory markdown files (memory/*.md) to find poem titles — that can read arbitrary user notes. These file accesses go beyond the documented relative paths and may expose unrelated sensitive user data.
Install Mechanism
There is no install spec (instruction-only) which is low risk for supply-chain downloads. The script requires an external CLI ('mmx') and instructs 'npm install -g mmx-cli' as a prerequisite in SKILL.md, but this is not enforced or declared in metadata. Lack of an explicit install step is acceptable, but the skill depends on an external, third-party CLI (mmx) and its trustworthiness should be validated by the user.
Credentials
The skill metadata declares no required environment variables or credentials, yet SKILL.md and the script require a MiniMax API/CLI and imply a MiniMax API key and a messaging transport (Telegram) for delivery. The script also reads files from a specific user's workspace (absolute /Users/hwang/...), which is a disproportionate and user-specific access pattern. Required secrets (MiniMax API key, Telegram token) should be declared and justified; currently they are missing.
Persistence & Privilege
The skill is not marked 'always:true' and does not modify other skills or system-wide settings. It writes output files to a workspace directory and removes previous images; this is expected for an image-generation helper and does not indicate elevated privileges.
What to consider before installing
Before installing, ask the author to: (1) remove or parameterize hardcoded absolute paths (use a workspace or env variable instead of /Users/hwang/...), (2) explicitly declare the required credentials and environment variables (e.g., MINIMAX_API_KEY, TELEGRAM_TOKEN) in the skill metadata, (3) avoid searching general memory/*.md files (or document and limit exactly which files are read) because those may contain sensitive notes, (4) document the exact delivery mechanism and any third-party CLI (mmx) including where to obtain it and why it is trusted, and (5) test in a sandboxed account to confirm behavior. If the author provides a corrected version that uses relative/parameterized paths, declares env vars, and limits file access, the assessment would likely move to benign. Right now the inconsistencies and potential privacy exposures make the skill suspicious.

Like a lobster shell, security has layers — review code before you run it.
