Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Reddit Quote Carousel Topaz
v1.0.0
Create an Instagram carousel from a popular-picks list with Reddit quotes + Topaz 2x upscaling. Cover = "clean" style ("Top CATEGORY in Destination"), attrac...
⭐ 0 · 649 · 2 current · 2 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The skill's name/description (Reddit quotes + Topaz upscale → Instagram carousel) is coherent with instructions to fetch a popular‑picks page, find photos, run Topaz, overlay text, and publish. However, the SKILL.md presumes access to macOS Keychain entries, an Instagram Graph API token, and push access to a 'tabiji' repo — none of which are declared in the registry metadata. It also references a hardcoded, user‑specific script path (/Users/psy/.openclaw/...) which is neither portable nor declared.
Instruction Scope
Instructions do more than simple image composition: they read secrets from macOS Keychain via the security CLI, download and upload images to Topaz Labs, use a local python overlay script at a specific user path, and git‑push files to a repo. They therefore access local secrets, local filesystem paths, and external services beyond just reading the provided popular_picks_url. The skill also assumes tools like curl, jq, git and python are present and that the runtime can access Keychain and a particular project workspace.
Install Mechanism
This is an instruction‑only skill with no install spec or code files, so nothing will be written to disk by an installer. That lowers install risk. The runtime still instructs downloading/uploading images and calling external APIs (Topaz and GitHub raw URLs), which is normal for this purpose.
Credentials
The registry lists no required environment variables or config paths, but the SKILL.md explicitly expects macOS Keychain items (topaz-api-key, instagram-access-token, instagram-account-id) and uses them to call Topaz and the Instagram Graph API and to publish posts. It also expects push access to the tabiji repo. Sensitive credentials are used but not declared — a clear mismatch and disproportionate for an install that advertised no required secrets.
Persistence & Privilege
The skill does not request 'always: true', but its instructions include publishing directly to Instagram (using an access token) and pushing hosted images to a repository. If the agent can invoke this skill autonomously (default), it could publish content on behalf of the user. Combined with the undeclared credentials and Keychain access, this increases the blast radius and warrants caution.
What to consider before installing
Do not install or grant this skill full autonomy until the author clarifies and fixes the mismatches. Questions / actions to request before proceeding:
1) Declare exactly which credentials/configs are required (Topaz API key, Instagram Graph API token, instagram-account-id, and any Git credentials) and the expected mechanism (env vars vs Keychain).
2) Remove or explain the hardcoded local path (/Users/psy/...) and provide a portable overlay tool or a dependency list/install instructions.
3) Confirm the target repository and whether the skill will push to a public repo; require explicit git credentials and least-privilege tokens.
4) Note the platform assumption (macOS Keychain use) and either add an alternative for other OSes or restrict OS support in metadata.
5) If you must use this skill, run it in a sandboxed agent and avoid giving it a long‑lived Instagram token with publish scope — use a short‑lived/test account and review activity logs.
6) Consider disabling autonomous invocation (require manual approval) until you trust the behavior.
If the author cannot or will not address these issues, treat the skill as risky and do not provide it access to your Keychain or publish tokens.

Like a lobster shell, security has layers — review code before you run it.
latest: vk975ap18gy631k9z9m9nmv0hzs81b9kp
