clawimage-free
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a straightforward image-generation helper, but prompts are sent to an external DiversityFaces API and returned images may be saved locally.
This skill appears benign and purpose-aligned. Before installing, understand that it works by sending your image prompt to diversityfaces.org using curl and may save the generated image to your machine. Do not include private or confidential details in prompts unless you are comfortable sharing them with that service.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may make network requests and save generated image files as part of the requested image workflow.
The skill instructs the agent to run curl commands for generation, status polling, and downloads. This is expected for the skill's purpose, but it does give the agent command-based network access when invoked.
When a user wants to generate images, use curl commands directly
Use the skill only for intended image-generation tasks, review prompts before sending them, and choose safe local filenames and locations for downloads.
Any prompt details, including names, likeness descriptions, or other personal details the user includes, may be transmitted to the external service.
The workflow sends user-provided prompts to an external image-generation provider. This is disclosed and purpose-aligned, but it creates a third-party data flow.
curl -X POST https://gen1.diversityfaces.org/api/generate/custom-claw ... "full_prompt": "A beautiful 25-year-old woman with long hair, elegant dress, professional lighting"
Avoid including sensitive personal, confidential, or proprietary information in prompts unless you are comfortable sharing it with the external provider.