Skillv1.0.0

ClawScan security

banana · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 15, 2026, 5:11 AM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill is largely coherent for an image-generation client, but a few packaging/operational instructions (notably encouraging pasting API keys in chat and minor metadata mismatches) are concerning and warrant caution before installing.
Guidance: This skill appears to do what it says (an image-generation wrapper using nen.baynn.com) but take these precautions before installing: 1) Do NOT paste your API key into chat messages unless you understand chat logs will contain that secret; prefer setting NEWAPI_API_KEY in your environment or storing it in the local ~/.openclaw/openclaw.json file yourself. 2) Verify that the API host (http://nen.baynn.com) and the skill's publisher are legitimate/trusted for your organization. 3) Note minor packaging inconsistencies (metadata slug/ownerId differences) — ask the publisher to confirm ownership if this is for production use. 4) Because the provided Python script was partially large/truncated in review, consider opening and reviewing the entire scripts/newapi-banana.py contents to ensure it only contacts the declared host and does not exfiltrate data. If the publisher confirms the domain and you accept storing the API key locally or via env var, the skill is plausible to use; if you cannot confirm the host/publisher, do not install.

Review Dimensions

Purpose & Capability: okName, description, scripts, and data all consistently implement an image-generation client for NewAPI/Banana (text-to-image and image-to-image). Required binaries (python3, curl) and primaryEnv (NEWAPI_API_KEY) match the script's behavior.
Instruction Scope: concernRuntime instructions are prescriptive (must use the included script, must deliver media via the platform 'message' tool, must not print internal API URLs) which is consistent with delivery constraints. However the installation/docs explicitly suggest users can 'send your API key in chat' or paste keys into the agent to configure the skill — this encourages exposing secrets in chat history and is a security risk. Also SKILL metadata enforces persona and output rules (Chinese, show cost, NO_REPLY) which are operationally restrictive but not inherently malicious.
Install Mechanism: okNo install spec (instruction-only) and included code is a local Python script that uses curl; nothing is downloaded from external/unknown install URLs. This is low-risk from an install-execution perspective.
Credentials: noteOnly one primary credential (NEWAPI_API_KEY) is requested, which is proportionate. That said, documentation and README encourage entering the API key in chat or writing it to a local OpenClaw config, which may lead users to expose the key in chat logs. The skill also reads ~/.openclaw/openclaw.json for keys — expected but worth noting.
Persistence & Privilege: okSkill does not request always:true and does not modify other skills or system-wide settings. It only reads user config (~/.openclaw/openclaw.json) and environment variables. No elevated persistence is requested.