Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Coze Image Skill
v1.0.0Generate images using Coze AI platform. Supports text-to-image generation with automatic Base64 encoding for inline preview. Use when you need to create imag...
⭐ 0· 41·0 current·0 all-time
by@pgyppp
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The code (scripts/coze_image_skill.py) implements text-to-image via a Coze SSE endpoint and returns Base64 images, which matches the skill's stated purpose. However the published registry metadata stated 'no required env vars' while SKILL.md and the code require IMAGE_API_TOKEN (and default project/session IDs and an endpoint). Also package.json lists a Python dependency ('requests') in a Node manifest, which is inconsistent and unnecessary for the declared Python implementation.
Instruction Scope
SKILL.md and the code instruct the agent to POST to a configurable SSE endpoint, parse SSE events, extract any HTTP URL found in arbitrary fields, then download that URL and convert it to Base64. Extracting and fetching arbitrary URLs from upstream text can lead to unexpected network fetches (including internal or private addresses if the SSE contains them). The instructions do not read local files or other env vars, but they do permit the skill to fetch arbitrary external resources returned by the upstream service.
Install Mechanism
There is no install spec (instruction-only), so nothing is automatically downloaded at install time — lower install risk. However package.json includes 'autoUpdate': true and a dependency listed as 'requests' (a Python library) in a Node package manifest, which is inconsistent and may indicate sloppy packaging or confusion about install/update mechanisms.
Credentials
The skill reasonably needs an API token for the Coze service, which is declared in SKILL.md, but the registry metadata didn't mark any required env vars — an inconsistency. The SKILL.md and code also ship with hard-coded defaults for IMAGE_API_URL, IMAGE_API_PROJECT_ID, and IMAGE_API_SESSION_ID pointing at a specific third-party domain and IDs. Having a default endpoint baked in is risky: if users do not override it, the skill will make network requests to that host. Require only the API token would be proportional; shipping a default external endpoint and project/session IDs without explanation is concerning.
Persistence & Privilege
The skill does not request always:true and does not modify other skills' configuration. It can be invoked autonomously (default), which is normal for skills; nothing here elevates persistence or privilege beyond typical skill behavior.
What to consider before installing
This skill's code implements Coze text-to-image generation but contains a few red flags you should address before installing or using it with real credentials:
- Do not rely on the default IMAGE_API_URL/project/session values. The default domain (https://6fj9k4p9x3.coze.site) and IDs are baked into the skill; if you don't override them requests will go to that third-party host. Confirm the endpoint is legitimate or set your own.
- Provide only a Coze API token dedicated to this use (avoid using tokens that grant broader access). The skill requires IMAGE_API_TOKEN; do not paste high-privilege or long-lived secrets unless you trust the endpoint.
- The skill will download whatever URL it finds in the SSE response. This can lead to fetching attacker-controlled or internal-network URLs (SSRF/metadata access). Avoid running the skill in an environment where such fetches could reach sensitive internal services, or harden network egress rules.
- The repository metadata is inconsistent (registry says no env vars required; SKILL.md/code require them) and package.json mixes Node metadata with a Python dependency. Treat this as sloppy packaging — consider reviewing and testing the Python script directly rather than trusting the package metadata.
If you want to proceed: inspect and, if appropriate, modify scripts/coze_image_skill.py to (a) remove or change the default IMAGE_API_URL to a known-good endpoint, (b) restrict URL extraction/validation to expected domains or paths, and (c) review how debug info (project/session IDs) is returned so you don't unintentionally leak identifiers. If you are unsure, don't install the skill or test it in an isolated environment first.Like a lobster shell, security has layers — review code before you run it.
aivk97fbwf0gb9ft5tt8r0xx80mvn83sck0cozevk97fbwf0gb9ft5tt8r0xx80mvn83sck0imagevk97fbwf0gb9ft5tt8r0xx80mvn83sck0latestvk97fbwf0gb9ft5tt8r0xx80mvn83sck0
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Environment variables
IMAGE_API_TOKENrequired— Coze API authentication tokenIMAGE_API_URL— Coze stream_run endpointIMAGE_API_PROJECT_ID— Coze project IDIMAGE_API_SESSION_ID— Coze session IDIMAGE_API_TIMEOUT— Request timeout in seconds