Skill v1.0.0

ClawScan security

I Love You Mom · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 17, 2026, 8:52 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (collect WhatsApp photos and build a Mixtiles cart) is generally coherent with its code, but there are mismatches in declared requirements and it reaches into other skills and external services in ways the registry metadata doesn't document—worth extra caution before installing.
Guidance
This skill broadly does what it says (download images from a WhatsApp group, pick the best ones, build a Mixtiles cart and send it), but there are a few things to check before installing or enabling it:

- Verify the wacli binary: ensure it's the trusted WhatsApp CLI you expect and that its authentication/session is limited to the account you intend to use. The skill will access group messages and media via wacli.
- Provide an explicit environment configuration: set MIXTILES_GROUP_JID and MIXTILES_SEND_TO deliberately. Note the registry metadata did not declare these vars — treat that as a gap and confirm the values before running.
- Inspect the mixtiles-it script (the one this skill calls) before use: it uploads photos to Cloudinary to build the cart. Confirm what credentials that script uses and whether uploads are private or stored externally. If you do not trust external cloud uploads for family photos, do not run until you review/modify mixtiles-it.
- Be aware of data flow: photos are downloaded locally, then uploaded externally (Cloudinary) and a cart link is sent to the WhatsApp group. Make sure all participants are OK with this sharing.
- Test non-destructively: run collect-photos.sh manually with a safe group or test group and inspect the JSON manifest and downloaded files first. Confirm behavior and error handling match expectations.

If you need higher assurance, request that the owner update the registry metadata to list the required env vars and to declare the dependency on the mixtiles-it skill (and any Cloudinary credentials) so you know exactly what secrets/config will be used.

Review Dimensions

Purpose & Capability
note: The skill's name/description match the actual behavior: it uses wacli to fetch images from a WhatsApp group, curates them, and calls an external mixtiles-it script to upload to Cloudinary and build a cart. Required binaries (wacli, jq, python3) are appropriate. However, the registry metadata lists no required environment variables while SKILL.md documents required variables (MIXTILES_GROUP_JID, MIXTILES_SEND_TO, etc.), which is an inconsistency.
Instruction Scope
note: SKILL.md stays on-task (collect, curate, package, send). The script only reads/downloads group image messages via wacli and writes files to an output dir. Two points to note: (1) the skill relies on the agent's vision capability to inspect images (expected for curation), and (2) it explicitly locates and runs another skill's script (~/.openclaw/.../mixtiles-it/scripts/mixtiles-cart.py), which means it will access files from a different skill in the workspace. There are no hidden external endpoints in the included files, but the downstream mixtiles-it script will upload images to Cloudinary (external upload) — users should review that script/behavior before use.
Install Mechanism
ok: This is an instruction-only skill with no install spec. That minimizes install-time risk — nothing is downloaded or written by an installer. The runtime requires local binaries (wacli, jq, python3), which is standard for this workflow.
Credentials
concern: SKILL.md requires several environment variables (MIXTILES_GROUP_JID, MIXTILES_SEND_TO, MIXTILES_PHOTO_COUNT, MIXTILES_TILE_SIZE) but the registry lists none; this registry/manifest mismatch is a configuration consistency issue. The skill does not declare or request credentials explicitly, but it depends on wacli, which in practice requires an authenticated WhatsApp session (not documented). Also, the skill will cause images to be uploaded to Cloudinary via the external mixtiles-it script — that implies use of additional credentials/config not declared here. Overall, credential and environment requirements are under-documented.
Persistence & Privilege
ok: The skill does not request persistent or elevated platform privileges (always:false). It does reference and execute another skill's script inside the workspace, but it does not modify other skills' configurations. Autonomous invocation is allowed (default), which is normal; combine this with the above concerns about data access when deciding whether to allow autonomous runs.