Back to skill
Skillv1.1.1
ClawScan security
nanobanana-openrouter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousApr 17, 2026, 7:52 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill does what it claims (image generation/editing via OpenRouter) but the package metadata, runtime instructions, and code are inconsistent and there are practical risks (missing declared API key, possible arbitrary file upload and path traversal) that the user should understand before installing.
- Guidance
- Before installing, be aware of three issues: (1) the skill actually requires an OpenRouter API key (OPENROUTER_KEY) and the 'uv' runner but the metadata does not declare them — ask the author to update the manifest so you know what credentials will be used; (2) the scripts will upload any file you point at with --input-image (it encodes the file as a data URL and sends it to openrouter.ai) — do not pass paths to sensitive local files; and (3) filenames are not sanitized against directory traversal (a crafted --filename or --output-dir could cause writes outside the skill folder). If you still want to use it, run it in a sandboxed environment, only provide a dedicated API key with limited quota/permissions, and request the author add explicit metadata and filename/path sanitization (reject '..' or absolute paths, enforce basename-only writes).
Review Dimensions
- Purpose & Capability
- concernName/description match the included code (calls OpenRouter to generate/edit images). However the registry metadata declares no required environment variables or binaries while the SKILL.md and scripts require an OpenRouter API key (OPENROUTER_KEY) and the 'uv' runner. That mismatch is incoherent: a user or integrator would reasonably expect OPENROUTER_KEY to be declared as a required credential and 'uv' as a required binary.
- Instruction Scope
- concernSKILL.md instructs the agent to run the provided scripts for generation and edits, which is consistent. But the scripts convert any provided input image to a base64 data URL and POST it to openrouter.ai — meaning arbitrary local files supplied as --input-image will be uploaded to an external service. SKILL.md does not explicitly warn about uploading local files, and the code does not restrict which paths may be supplied.
- Install Mechanism
- okThis is instruction-plus-scripts only: there is no install spec or remote download. That minimizes supply-chain risk; dependencies are declared in script comments (requests, pillow) but nothing is fetched at install time by the skill bundle.
- Credentials
- concernThe code requires an OpenRouter API key (OPENROUTER_KEY) or --api-key at runtime, but the skill metadata declares no required env vars and primary credential is 'none'. This is a clear mismatch. Requesting the single API key is proportional for this purpose, but it should be declared explicitly. No other credentials are requested.
- Persistence & Privilege
- okThe skill is not always-enabled and does not request special platform privileges. It writes output images to a local output_images directory under the skill by default (or to a user-specified output-dir).