Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Picwish Skills
v1.0.7
Root routing skill for PicWish (佐糖) image processing capabilities. Routes to: picwish-segmentation, picwish-face-cutout, picwish-upscale, picwish-object-remo...
⭐ 0 · 80 · 0 current · 0 all-time
by @px94
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill routes to PicWish sub-skills and the packaged Node.js code implements HTTP requests to PicWish endpoints, polling, download, and local output handling. Declared file read/write/exec permissions (reading OpenClaw config, workspace scripts, writing outputs, executing node) are consistent with the described behavior.
Instruction Scope
Runtime instructions limit operations to resolving images, calling PicWish APIs, polling, and saving results. The code may execute a local helper script (~/.openclaw/workspace/scripts/oc-workspace.mjs) if present — this is intentionally user-managed to route outputs. Executing a user-controlled script is expected for workspace integration but is a potential escalation point if an attacker already controls that path; the code includes checks (restricting to OPENCLAW_HOME under the user's homedir and resolving realpath) which reduce risk.
Install Mechanism
There is no network install step or remote code download in the package metadata. The skill is distributed with Node.js source files and a package.json but no install script fetching external artifacts; no high-risk install URLs observed.
Credentials
The only required credential is PICWISH_API_KEY (with optional PICWISH_REGION). The code also respects optional PICWISH_BASE_URL and polling-related env vars (documented). It reads the OpenClaw config to obtain the API key when not provided via env — this is justified by the design and declared in SKILL.md/_meta.json.
Persistence & Privilege
The skill does not request always:true, does not persist itself or modify other skills, and only executes node (declared). It may run a user-managed oc-workspace helper, but only under safe path checks. Autonomous invocation is allowed by default (platform normal) and is not combined with other concerning flags.
Assessment
This package appears to do what it says — call PicWish APIs and save results. Before installing or invoking:
1) Provide PICWISH_API_KEY from a trusted source (or keep it only in environment variables if you don't want code reading ~/.openclaw/config.json).
2) Inspect any oc-workspace.mjs you keep at ~/.openclaw/workspace/scripts/ before using the skill — the skill may execute that script to determine output routing.
3) Result URLs returned by the API may contain short-lived auth tokens; treat them as sensitive and avoid pasting them into public places.
4) The skill requires Node ≥18 and will write files to your output directory (cwd/output, visual output under OPENCLAW_HOME, or ~/Downloads fallback); confirm those locations are acceptable.
If you want minimal exposure, set PICWISH_API_KEY in the environment and remove or audit oc-workspace.mjs so the skill cannot run unexpected local code.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/run_task.mjs:194 — Shell command execution detected (child_process).
scripts/lib/client.mjs:14 — Environment variable access combined with network send.
scripts/lib/client.mjs:19 — File read combined with network send (possible exfiltration).
Like a lobster shell, security has layers — review code before you run it.
