Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Clawra Selfie
v1.1.3
Generate Clawra-style selfie images with a Qwen-first image backend (with optional Gemini and HF fallback) and send them to messaging channels via OpenClaw.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (high confidence)
Purpose & Capability
The skill's stated purpose (generate/send Clawra-style selfies) matches the code: it calls image backends (Qwen/Gemini/HF) and sends outputs via OpenClaw. However the registry metadata claims 'required env vars: none' and 'primary credential: none' while SKILL.md and scripts clearly require QWEN_API_KEY or HF_TOKEN (and optionally GEMINI_API_KEY). This mismatch between declared requirements and actual runtime needs is an incoherence the user should be aware of.
Instruction Scope
SKILL.md and scripts instruct reading/writing workspace files and reference explicit absolute paths under /home/Jaben/.openclaw/workspace-clawra-bot/... and OUTPUT_DIR defaults to /home/Jaben/.openclaw/... The TypeScript wrapper also calls an absolute script path (/home/Jaben/.openclaw/skills/clawra-selfie/scripts/clawra-selfie.sh). These hard-coded paths tie the skill's scope to a specific user's filesystem and may fail or unintentionally access other files on different systems. The script also sends network traffic to third-party APIs (DashScope/Qwen, Hugging Face, Gemini), which is expected for this functionality but requires the API keys to be provided.
Install Mechanism
There is no registry install spec, but the included scripts/install.sh clones the GitHub repo (standard), and the README suggests a curl|bash one-liner that downloads the installer. A 'curl | bash' style install is convenient but risky; the included install.sh itself uses git clone, which is lower risk. No obscure download URLs or IPs are used, but running remote install scripts without review is a common supply-chain attack vector.
Credentials
Requested credentials (QWEN_API_KEY, HF_TOKEN, optional GEMINI_API_KEY) are appropriate for image-generation backends and proportional to the skill's function. The problem is that the skill metadata in the registry does not declare these env vars, causing a transparency gap. Also, the script inherits process.env and passes it through to child processes (normal), so be mindful of token exposure in logs or stdout/stderr.
Persistence & Privilege
The skill does not request always:true and doesn't modify other skills' config. It writes generated images to a workspace directory and reads possible reference images from hard-coded paths. Those write/read actions are expected for this functionality, but the hard-coded /home/Jaben paths create a persistence/privilege mismatch for other users and could cause accidental reads/writes in unexpected locations.
What to consider before installing
Before installing or running this skill:
1) Review and set required API keys (QWEN_API_KEY or HF_TOKEN; GEMINI_API_KEY only if you enable Gemini). The registry metadata incorrectly lists no required env vars—trust the SKILL.md/scripts instead.
2) Inspect scripts before running any curl|bash installer; prefer cloning the GitHub repo with git and review install.sh.
3) Update the hard-coded paths (/home/Jaben/...) in scripts/ts to match your system (or install under that exact path) to avoid accidental access to other directories or failures.
4) Store API tokens with least privilege and separate tokens for demo/testing; avoid reusing high-privilege keys.
5) Consider running the skill in an isolated account/container and keep private reference images out of public repos.
6) If you plan to reuse the included TypeScript wrapper, change the absolute script path to a relative or configurable location so it won't execute unintended files.
If these issues are addressed (metadata fixed, paths parameterized, install guidance removed or made safer), the skill's risk would be much lower.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97b1246gj1pnwr6kf5jmenr7h83jntr
