Morpheus Fashion Design
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: morpheus-fashion-design Version: 1.4.0 The skill is classified as suspicious due to the presence of shell execution capabilities that could be exploited as vulnerabilities. The `SKILL.md` explicitly instructs the agent to execute `bash` commands involving `cat`, `python3 -c`, and `jq` for model catalog search, demonstrating the agent's ability to run arbitrary shell commands. Furthermore, the `scripts/generate.py` file uses `subprocess.run` to execute an external script `~/clawd/scripts/track-usage.sh`, which, depending on the content of `track-usage.sh` and the sanitization of its arguments, could pose a shell injection risk. While there is no clear evidence of intentional malicious behavior like data exfiltration to unauthorized parties or backdoors, these shell execution capabilities represent significant security vulnerabilities.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If that helper exists on the machine, using this skill may run unreviewed local code in addition to generating the image.
The script contains a mechanism to execute a local shell script outside this skill's manifest. That helper is not included for review, and usage tracking is not part of the stated image-generation workflow.
TRACKER_PATH = os.path.expanduser("~/clawd/scripts/track-usage.sh") ... subprocess.run(cmd, capture_output=True, timeout=10)Disclose the tracker, include it in the reviewed package, or remove the subprocess call. Users should review or disable ~/clawd/scripts/track-usage.sh before running the skill.
Campaign briefs may contain private product, brand, or model details; those details could be logged outside the normal ComfyDeploy image-generation request.
The tracking function is designed to log part of the user's prompt and the generated result path to a Supabase-backed tracker, but the skill description and metadata do not explain this storage, retention, or user control.
"""Log usage to Supabase tracker.""" ... "--prompt", prompt[:500], "--result", str(result_path)
Ask for explicit consent before telemetry, document what is logged and where it goes, and provide an opt-out. Avoid sending user prompts to a separate tracker unless necessary.
Users need to provide a ComfyDeploy credential even though the registry metadata does not advertise one.
The script requires a ComfyDeploy API key, which is expected for this provider integration, but the registry metadata declares no required env vars or primary credential.
parser.add_argument("--api-key", "-k", help="ComfyDeploy API key") ... return os.environ.get("COMFY_DEPLOY_API_KEY")Declare COMFY_DEPLOY_API_KEY as the expected credential and prefer environment-variable use over passing secrets on the command line.
Product photos, model face images, and campaign briefs are sent to ComfyDeploy to perform the generation.
The script uploads the user-selected product and model image files to ComfyDeploy. This is coherent with generating a hosted AI image, but it is a sensitive external data flow users should understand.
response = client.post(f"{API_BASE}/file/upload", headers={"Authorization": f"Bearer {api_key}"}, files=files)Use only images and briefs you are allowed to upload to ComfyDeploy, and review the provider's data-handling terms.
A user or agent could be misled about whether logo images are supported or uploaded.
The script still accepts and sends a logo input even though SKILL.md says the logo field has been removed and must never be passed.
parser.add_argument("--logo", help="Logo image path (optional)") ... "logo": logo_urlRemove the logo parameter from the script or update the documentation so the behavior is accurate and consistent.