github-image-hosting

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: github-image-hosting
Version: 1.0.0

The skill is designed to upload images to img402.dev and embed them in GitHub contexts using standard CLI tools like `curl` and `gh`. All commands and instructions are transparent, directly support the stated purpose, and show no evidence of data exfiltration beyond the intended image upload, malicious execution, persistence mechanisms, or prompt injection attempts against the agent. The third-party service `img402.dev` is explicitly named and described, including its limitations and a paid tier, suggesting a legitimate (though temporary) image hosting service.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the screenshot contains private information, it may be exposed through the hosted image URL for the documented retention period.

Why it was flagged

The workflow sends the selected image or screenshot to an external image-hosting provider and returns a hosted URL for embedding.

Skill content

curl -s -X POST https://img402.dev/api/free -F image=@/tmp/screenshot.png

Recommendation

Review screenshots before uploading, avoid secrets or private data, and remember the hosted link is not suitable for permanent or confidential documentation.

What this means

Running these commands can publish or modify GitHub content as the currently logged-in GitHub user.

Why it was flagged

The documented GitHub integration can edit PR descriptions or add PR/issue comments using the local gh CLI’s authenticated GitHub identity.

Skill content

gh pr edit --body ...; gh pr comment --body ...; gh issue comment 123 --body ...

Recommendation

Confirm the repository, PR or issue number, and comment/body content before using the gh commands.