Openai Image Gen
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: openai-image-gen-fixed
Version: 1.0.2
The skill is classified as suspicious due to a Cross-Site Scripting (XSS) vulnerability in `scripts/gen.py`. The `_write_index` function directly embeds user-controlled or API-returned prompt strings into the `index.html` file without proper HTML escaping. If a malicious prompt (e.g., containing `</pre><script>alert(1)</script>`) is provided, it could lead to client-side code execution when the AI agent executes the `open` command on the generated `index.html` as instructed in `SKILL.md`. This constitutes a significant vulnerability, but not intentional malice by the script's author.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a prompt contains malicious HTML or script, it could run in the browser when the generated gallery is opened.
The script accepts user-provided prompt text and writes it directly into index.html without HTML escaping. Since the skill tells users to open the gallery, crafted prompt text could be interpreted as HTML or JavaScript.
p.add_argument("--prompt", action="append", default=None, help="repeatable; overrides random prompts")
...
html.append(f"<pre>{it['prompt']}</pre>")
Escape prompt text before inserting it into HTML, for example with html.escape, or render prompts via safe textContent. Avoid opening generated galleries from untrusted prompt content until fixed.
An agent or user could run code outside the reviewed skill package if that hardcoded path exists and differs from the included file.
The documented run command points to a hardcoded home-directory path instead of the packaged scripts/gen.py. In this registry entry the slug is openai-image-gen-fixed, so following the instruction could execute a different local script or fail.
python3 ~/Projects/agent-scripts/skills/openai-image-gen/scripts/gen.py
Change the instructions to use the packaged script path resolved by the skill runtime, and verify the script path before running.
Using the skill can consume OpenAI quota or incur costs, and the API key must be protected.
The skill requires an OpenAI API credential, which is expected for image generation, but the registry metadata lists no required env vars or primary credential.
- Needs env: `OPENAI_API_KEY`
Use a limited-scope OpenAI key where possible, keep it in an environment variable rather than in prompts or logs, and verify expected cost/count settings before running.
If OPENAI_BASE_URL or OPENAI_API_BASE is set unexpectedly, prompts and the API key could be sent to a non-default service.
The API endpoint can be changed by environment variables. The same script sends the API key as a Bearer token, so users should ensure these variables point only to trusted OpenAI-compatible endpoints.
os.environ.get("OPENAI_BASE_URL") or os.environ.get("OPENAI_API_BASE") or "https://api.openai.com"
Check or unset OPENAI_BASE_URL and OPENAI_API_BASE before use unless intentionally using a trusted compatible provider.
