Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Volc Image Gen
v1.0.0Use Volc Engine AI to generate, edit, batch produce, and create variations of images with customizable styles and sizes.
⭐ 0· 64·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The code, SKILL.md, README, and skill.json consistently implement a Volc Engine image-generation skill that requires a VOLC_API_KEY and calls the Volc Engine API. That capability matches the name/description. However, the registry-level metadata provided to this evaluation (top-level summary) claimed "Required env vars: none" and "Primary credential: none", which contradicts skill.json and the SKILL.md instructions that require VOLC_API_KEY (and optionally VOLC_API_BASE and VOLC_IMAGE_MODEL). This metadata mismatch is an incoherence you should resolve before trusting the listing.
Instruction Scope
Runtime instructions and code are narrowly scoped to image generation and editing. They instruct npm install, setting VOLC_API_KEY in shell rc files, and calling the Volc Engine images endpoint. Important operational behavior: loadImage() will read local file paths and convert them to Base64 and the skill will upload that data to the external Volc API. That file-read/upload behavior is expected for an image-edit feature but is a privacy-sensitive action and should be explicit to users (SKILL.md does not clearly warn that local files will be transmitted to the external service).
Install Mechanism
No external download/install spec is present; this is an instruction-plus-source package with a package.json and normal npm deps (axios, p-limit, node-cache). No surprising or high-risk install URLs, archives, or obfuscated install steps were found.
Credentials
The skill requires a sensitive credential (VOLC_API_KEY) which is appropriate for calling the Volc Engine API. However, the top-level registry metadata in the evaluation stub showing "Required env vars: none" contradicts the skill.json and SKILL.md which declare VOLC_API_KEY as required. This discrepancy is concerning: either the registry entry is incomplete/misconfigured or the skill was published without accurately declaring credentials it needs. Aside from the API key and optional base/model vars, no unrelated secrets are requested.
Persistence & Privilege
The skill does not request always:true or any elevated persistent presence. It does write image files to /tmp/openclaw when saving downloads — that is reasonable for its purpose and scoped to a temporary directory. It does not attempt to modify other skills or global agent settings.
Scan Findings in Context
[unicode-control-chars] unexpected: The SKILL.md triggered a unicode-control-chars detector. There is no need for hidden unicode control characters in a documentation file; this can be used in some attacks to confuse parsers or evaluations. The SKILL.md content visible here looks normal, but you should inspect the file for invisible characters and remove them or request a clean copy from the author.
What to consider before installing
Things to check before installing/using this skill:
1) Confirm the registry metadata: the package clearly requires VOLC_API_KEY (and optionally VOLC_API_BASE/VOLC_IMAGE_MODEL) but the top-level listing claimed no env vars. Ask the publisher or marketplace to correct the listing if necessary.
2) Treat VOLC_API_KEY as sensitive: grant it only if you trust the Volc Engine service and the skill's author. The skill will send images (including local files you supply) to the external Volc API.
3) Be cautious with local file paths: the skill will read local images and upload them (Base64) to the remote API. Do not pass paths to sensitive files or directories you don't want transmitted.
4) Inspect SKILL.md for hidden characters (the pre-scan found unicode control characters). Prefer a clean copy and consider scanning files for invisible/control characters before running.
5) Run tests and initial usage in an isolated environment (container or VM) and with a limited/test API key to avoid accidental data leakage or unexpected costs.
6) If you need stronger assurance, request source provenance: a trustworthy repository URL, maintainer identity, and release signatures. The included GitHub link in docs should be verified manually.
Overall: behavior is consistent with an image-generation skill, but the metadata mismatch and the control-character finding merit caution — treat this as suspicious until those issues are resolved.src/image-edit.js:51
Environment variable access combined with network send.
src/image-gen.js:103
Environment variable access combined with network send.
src/utils.js:19
Environment variable access combined with network send.
src/utils.js:71
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk9750xfp876bh3ezxqxk0ev369840k7x
License
MIT-0
Free to use, modify, and redistribute. No attribution required.