Fast Image
Quickly send local images to channel. Auto-compress large images, copy small images directly.
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 1 · 225 · 1 current installs · 1 all-time installs
MIT-0
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, SKILL.md, and the bundled send_image.mjs are consistent: the script copies or compresses a local image and invokes the openclaw CLI to send it. Declared dependencies (Node, sharp, openclaw CLI) match the implemented behavior.
Instruction Scope
The runtime instructions operate only on the provided image path, a temporary media directory, and the openclaw CLI. Two implementation notes: the TMP_DIR is set to the literal string "~/.openclaw/media/browser/" (the script does not expand '~' to the user's home directory), which is likely a bug/behavior mismatch; and spawn(...) is invoked with shell: true and unescaped arguments, which could allow shell injection if an untrusted actor supplies a crafted image path. The script otherwise does not read unrelated files or env vars.
Install Mechanism
This is instruction-only with one bundled JS file and no install spec; nothing is downloaded or written by an installer. The script requires the sharp package and the external openclaw CLI but does not automatically fetch them.
Credentials
No environment variables, credentials, or config paths are requested. The resources accessed (local image and a local/openclaw media directory) are proportional to the stated task.
Persistence & Privilege
The skill does not request persistent/always-on privileges, does not modify other skills, and does not alter system-wide configuration. It only runs the included script when invoked.
Assessment
This skill appears to do what it says: compress or copy a local image then call your openclaw CLI to send it. Before installing/using: 1) Ensure you have the openclaw CLI and the sharp Node package installed. 2) Be aware of two implementation issues you may want to fix: the script uses the literal path "~/.openclaw/..." instead of expanding ~ to the home directory (so it may create a directory named "~" instead of using your home), and it spawns the openclaw command with shell: true and unescaped arguments — if you or another agent can pass untrusted file paths, that could permit shell injection. 3) Confirm you're comfortable with the script deleting the temporary file after sending (it skips deletion for channel 'qqbot'). If you want to harden it, update TMP_DIR to use os.homedir(), and invoke the CLI with spawn/execFile without shell or ensure arguments are safely escaped.send_image.mjs:75
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.2
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
fast-image
Quickly send local images to specified channel. Auto-handles image copy/compress and send.
Usage
node {baseDir}/send_image.mjs "<image_path>" <channel> <target> [message]
Parameters
| Parameter | Description | Required |
|---|---|---|
image_path | Full path to image | Yes |
channel | Target channel name | Yes |
target | Target user/group | Yes |
message | Optional message | No |
Features
-
Image processing
- File < 10MB: Copy directly to
~/.openclaw/media/browser/ - File >= 10MB: Compress with sharp then copy
- File < 10MB: Copy directly to
-
Send: Use
openclaw message send --mediato send -
Cleanup: Auto-delete temp file after sending
Examples
node {baseDir}/send_image.mjs "~/Pictures/photo.png" telegram @chatname
node {baseDir}/send_image.mjs "~/Downloads/large.jpg" telegram @chatname "landscape"
Dependencies
- Node.js
- sharp:
npm install sharp - openclaw CLI
Files
3 totalSelect a file
Select a file to preview.
Comments
Loading comments…