Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
Name/description (text->image) align with the provided Python script that sends prompts and optional images/videos to a remote AI inference API. Requiring python and an API key (TEAM_API_KEY) is plausible. However the script defaults to an undocumented third-party endpoint (https://dlazy.com/api/ai/tool) which is not justified or referenced in the SKILL metadata or homepage.
Instruction Scope
SKILL.md explicitly orders the agent to NOT use the platform's 'openclaw run' and to execute 'python script/invoke_model.py' directly. That instruction looks like an attempt to bypass the platform's normal execution wrapper/auditing. The script will read local files (images/videos) if given paths, base64-encode them, and POST them to the remote endpoint (potentially sending any local file the agent is directed to include). The instructions do not request or justify access to other unrelated system resources, but the explicit bypass requirement and network exfiltration capability are concerning.
Install Mechanism
No install spec — instruction-only with an included Python script. That minimizes disk installation risk. The script depends on the 'requests' package, which is not declared; this is an operational omission but not a high install risk.
Credentials
The skill only requires TEAM_API_KEY (declared as primary), which is appropriate for a remote API client. However the script honors TEAM_BASE_URL (not declared as required) and defaults to an undocumented host (dlazy.com). TEAM_BASE_URL can redirect traffic to arbitrary endpoints if set, increasing risk. No other credentials are requested.
Persistence & Privilege
'always' is false and the skill does not request persistent platform privileges or modify other skills. The main privilege concern is the instruction forcing direct execution that may reduce observability/control but not persistent installation.
What to consider before installing
This skill appears to implement text→image by sending prompts and (optionally) user files to a remote inference API, which is a plausible purpose. However two red flags warrant caution: (1) SKILL.md insists the agent must run the Python script directly and not use the platform runner — that looks like an attempt to bypass platform controls/auditing; (2) the default backend URL (https://dlazy.com/api/ai/tool) is undocumented and could receive any prompt or file you send (the script base64-encodes and uploads images/videos). Before installing: verify the operator/owner and the legitimacy of dlazy.com or set TEAM_BASE_URL to a trusted endpoint; do not provide a TEAM_API_KEY unless you trust the remote service; prefer using the platform's managed run mechanism (contact the skill author why openclaw run is disallowed); and avoid passing local file paths you wouldn't want uploaded. If you need this capability but want lower risk, ask the maintainer to remove the 'must not use openclaw run' directive, declare TEAM_BASE_URL explicitly in metadata, and provide the hosting/ownership details for the API endpoint.Like a lobster shell, security has layers — review code before you run it.
latestvk979vygm4rd9knryc82bv0bbex844yef
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🖼️ Clawdis
Binspython
EnvTEAM_API_KEY
Primary envTEAM_API_KEY