Image Quote Overlay

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can read JPGs from the configured folder and overwrite or create the chosen output image path.

Why it was flagged

The script uses configurable local input and output paths. This is expected for generating images, but users should ensure the photo directory and output file path are intended because the script reads local photos and writes files.

Skill content

PICS_DIR="${PICS_DIR:-/Users/quocmodoro/TinClaw/Pics}"
OUTPUT="${2:-/tmp/openclaw/uploads/overlay-output.png}"
PICS=($(ls "${PICS_DIR}"/*.JPG 2>/dev/null))

Recommendation

Use a dedicated photo folder and output directory, and avoid pointing the output at important existing files.

What this means

Users may need to trust local scripts and separately installed tools without strong registry provenance.

Why it was flagged

The registry provenance is limited, and there is no managed install spec. This does not show malicious behavior, but users should verify the package source and manually installed dependencies.

Skill content

Source: unknown
Homepage: none

Install specifications

No install spec — this is an instruction-only skill.

Recommendation

Review the included script before use and install ImageMagick only from a trusted package manager or vendor source.

What this means

Running the skill executes local commands that process images and create temporary/output files.

Why it was flagged

The skill relies on executing local shell commands and ImageMagick operations. This is purpose-aligned for image creation but should be visible to users because it is not purely instructional.

Skill content

magick "${CHOSEN_PIC}" \
  -resize "${WIDTH}x" \
  -resize "${WIDTH}x${HEIGHT}^" \
  -gravity center \
  -extent "${WIDTH}x${HEIGHT}" \
  /tmp/oc-bg-resized.png

Recommendation

Run it only in a trusted local environment and confirm ImageMagick is installed from a trusted source.

What this means

A stale or modified config could cause future images to use the wrong photo folder, author details, or shell content.

Why it was flagged

The skill encourages a persistent shell config file containing photo paths and identity/contact text. Because it is sourced, changes to that file can affect future runs.

Skill content

cat > ~/.image-quote-overlay-config.sh << 'EOF'
PICS_DIR="/path/to/your/images"
AUTHOR_NAME="Your Name"
AUTHOR_ROLE="Your Role"
AUTHOR_CONTACT="your-website.com"
EOF

# Use the configuration
source ~/.image-quote-overlay-config.sh

Recommendation

Keep the config file private, review it before sourcing, and use only simple variable assignments in it.

What this means

A personal photo-derived image could be passed to posting or upload skills if the user connects those workflows.

Why it was flagged

The skill explicitly supports handing the generated image path to other skills. This is useful, but the artifacts do not define approval or data-boundary rules for downstream skills.

Skill content

Other skills can use the image path

### Integration with other skills
- **linkedin-post**
- **facebook-post**
- **wordpress-post**
- **x-post**

Recommendation

Before chaining this with social-media or WordPress skills, confirm where the generated image will be uploaded or posted.

What this means

A wrong quote, wrong photo, or wrong author/contact setting could be carried into later publishing workflows.

Why it was flagged

The documented workflow allows an image generated from a local random photo and quote text to flow into upload/posting steps. That is purpose-aligned, but mistakes can propagate into public outputs.

Skill content

### Workflow
1. Create the quote image with the script
2. Upload the image to the platform (LinkedIn, Facebook, WordPress)
3. Publish the post with the image

Recommendation

Preview generated images before allowing any connected skill or cron workflow to upload or publish them.

What this means

If connected to cron outside this package, the skill could run repeatedly and generate images without manual initiation each time.

Why it was flagged

The documentation describes scheduled use. The artifacts do not include code that installs cron jobs, but users should be aware if they configure recurring automation.

Skill content

### Cron jobs
This skill is used in the following cron jobs:
- LinkedIn Daily Content Draft (7:00)
- Facebook Draft (12:00)
- WordPress Post (11:00)

Recommendation

Only add cron or scheduled workflows intentionally, and periodically review any connected posting automation.