Giphy
Security checks across malware telemetry and agentic risk
Overview
This is a straightforward Giphy helper with no hidden code; users should just be aware it uses a Giphy API key, sends search terms to Giphy, and may post occasional GIF URLs in Discord.
This skill appears safe to install if you are comfortable storing a Giphy API key for OpenClaw and letting the agent send non-sensitive GIF search terms to Giphy. In Discord channels where unsolicited reactions are inappropriate, configure usage expectations or ask the agent not to post proactive GIFs.
VirusTotal
59/59 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may occasionally add a GIF to a Discord conversation on its own, which could be unwanted in some channels or serious discussions.
The skill can lead the agent to post a GIF URL in Discord without a direct user request, but the behavior is disclosed, purpose-aligned, and limited to occasional fitting moments.
Also allow proactive GIFs (without explicit request) when the moment clearly fits
Use this skill only where light visual reactions are appropriate, and prefer asking before posting if the channel context is sensitive or formal.
A Giphy API key must be available to the agent environment for the skill to work.
The skill requires a service API key. This is expected for Giphy API access and the artifact does not show logging, hardcoding, or unrelated credential use.
This skill reads only one variable: `GIPHY_API_KEY`.
Use a dedicated Giphy API key, avoid sharing it in chat, and consider having the registry metadata declare the env var for clearer setup.
GIF keywords or short context used as the search query may be sent to Giphy.
The skill sends the user's GIF search intent to the external Giphy API. This is necessary for the purpose, but it is still an external data flow.
Build a Giphy Search API URL with user intent as query.
Avoid using sensitive, private, or identifying text as GIF search queries.