v1.0.0

uni-image

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 7:52 AM.

Analysis

The image-generation purpose is clear, but the reviewed package omits the proxy/injection code it tells users to rely on while handling API keys.

Guidance: Before installing, verify that the missing proxy and injection scripts come from the trusted project and that the parent-directory Node command points to the expected file. Use limited/quota-protected API keys, configure only the providers you need, check the local key file permissions, and stop the localhost proxy when you are done.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
`uni-image-proxy.js` — HTTP proxy server with multi-provider routing; `uni-image-inject.js` — Renderer injection script

The skill describes runtime helper scripts that would proxy requests, inject UI behavior, and handle credentials, but the supplied file manifest contains only SKILL.md and no code files, creating an unreviewed helper/provenance gap.

User impact: A user could end up relying on missing or separately obtained code to handle API keys and image requests.
Recommendation: Only install/run this if the proxy and injection files are present from a trusted source and match the expected project; do not run substitute or parent-directory scripts blindly.

Rogue Agents
Severity: Low; Confidence: High; Status: Note
SKILL.md
node {baseDir}/../../uni-image-proxy.js &

The documented CLI starts a Node proxy in the background; this is purpose-aligned for a local image proxy, but it may continue running after the immediate command completes.

User impact: The local proxy may keep listening on localhost and may continue to have access to configured provider keys until stopped.
Recommendation: Start the proxy only when needed, know how to stop it, and avoid running the parent-directory command unless you have verified the target file.

Tool Misuse and Exploitation
Severity: Low; Confidence: High; Status: Note
SKILL.md
[fetch interceptor rewrites URL + model] UniImage Proxy (port 18800)

The skill changes paint-page fetch behavior and routes generation requests through a local proxy; this is disclosed and aligns with the model selector, but it affects request handling.

User impact: Image-generation prompts can be rewritten and routed through the local service before reaching the selected provider.
Recommendation: Use it only in the intended paint workflow and confirm the selected model/provider before sending prompts.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium; Confidence: High; Status: Note
SKILL.md
ARK_API_KEY=your-volcengine-key ... DASHSCOPE_IMAGE_KEY=your-dashscope-key ... GOOGLE_API_KEY=your-google-api-key

The skill requires cloud image-provider API keys, which is expected for this integration but grants the skill the ability to use paid provider accounts.

User impact: Misuse or overuse could consume API quota or incur provider charges.
Recommendation: Use least-privilege keys where possible, set quotas/billing limits, configure only the providers you intend to use, and revoke keys if you uninstall or stop using the skill.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low; Confidence: High; Status: Note
SKILL.md
Volcengine Ark API (Seedream) ... DashScope API (Qwen Image, async poll) ... Google Gemini API (Nano Banana)

The skill discloses routing image-generation requests to external AI providers; this is core to its purpose, but it is still a data boundary users should understand.

User impact: Prompts and related generation request data may be sent to the selected external provider and handled under that provider's policies.
Recommendation: Avoid sending sensitive prompts or images unless you are comfortable with the selected provider's terms and data-handling practices.