Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
sketch-illustration
v1.1.0 Illustration image-generation skill supporting multiple hand-drawn styles. Uses Imagen 3 (via the ZenMux API) to generate illustrations, suited to flowcharts, feature explanations, PPT images, tutorial images, knowledge maps, and hand-drawn infographics. Supports four styles: A) Sketch, minimalist hand-drawn (Notion/Linear style, stick figures, cool and low-saturation); B) Watercolor, cream colored-pencil watercolor (warm tones...
⭐ 0· 540·0 current·0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (high confidence)
Purpose & Capability
The declared purpose (Imagen/ZenMux image generation and upload to Feishu) matches the code and instructions, so the overall capability is plausible. However, the skill manifest declares no required credentials or config, while the runtime steps and scripts clearly require a ZenMux API key and Feishu app credentials (read from ~/.openclaw/openclaw.json or ZENMUX_API_KEY). Not declaring these required secrets is an inconsistency.
Instruction Scope
SKILL.md and the shipped scripts instruct the agent to read ~/.openclaw/openclaw.json (to extract ZenMux and Feishu credentials), write output to /root/myfiles/, call the ZenMux API, and invoke a Feishu send script located in another skill's workspace. Reading a global agent config file and invoking another skill's script go beyond a self-contained image-generator instruction; they represent scope creep and credential access that the manifest does not declare.
Install Mechanism
No remote install/download steps are present (instruction-only install spec), which is lower risk. The package does include two executable scripts (Python and Bash) that make network requests when invoked; no external URL downloads or archive extraction occur during install.
Credentials
The manifest lists zero required env vars, but generate_sketch.py expects ZENMUX_API_KEY (falling back to reading openclaw.json), and send_to_feishu.sh reads the Feishu appId/appSecret/domain from ~/.openclaw/openclaw.json. This access to global credentials is disproportionate to the manifest and not disclosed. The skill also assumes access to /root/.openclaw and /root/.openclaw/workspace/skills/feishu-send-file, implicit privileges that should be declared.
Persistence & Privilege
The manifest's always flag is false and autonomous invocation is allowed (the platform default). The skill reads global config and calls another skill's script, which increases the blast radius, but it does not request forced persistence or modify other skills' configurations. The cross-skill invocation is notable but is not an explicit privilege escalation in the manifest.
What to consider before installing
This skill will try to call ZenMux (https://zenmux.ai) to generate images and automatically upload them to Feishu, reading credentials from ~/.openclaw/openclaw.json (or ZENMUX_API_KEY). Before installing or running it:
1) Don't assume your credentials stay private: the skill reads your whole global openclaw.json. Prefer supplying a dedicated ZENMUX_API_KEY and Feishu tokens via explicit env vars rather than exposing the entire config file.
2) Inspect /root/.openclaw/openclaw.json and confirm which secrets would be accessible.
3) Verify that the feishu-send-file script it invokes exists, and review that script to ensure it does not exfiltrate data elsewhere.
4) For least privilege, modify the scripts to accept explicit env vars (ZENMUX_API_KEY, FEISHU_APP_ID, FEISHU_APP_SECRET, FEISHU_DOMAIN) and avoid reading ~/.openclaw/openclaw.json or hard-coded /root paths.
5) Test in a sandbox, or with dummy keys and a dry-run option, first; do not run with real credentials until the scripts have been audited.
If the publisher updates the manifest to declare the required env vars and stops reading the global agent config, the incoherence would be resolved.
Like a lobster shell, security has layers — review code before you run it.
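The manifest-versus-script mismatch the scan reports (undeclared env vars, reads of ~/.openclaw/openclaw.json, hard-coded /root paths, and a call into another skill's directory) is something you can check mechanically before installing. The Python script below is an added example written for this page; it is not ClawHub's scanner and not part of the sketch-illustration skill. It scans constructed sample script text (modelled on the behaviours described in the scan, not the skill's real source) for credential and config access patterns and compares env-variable reads against the env list declared in a manifest. The manifest key name "env", the sample file contents, and the regexes are assumptions made for the example.

```python
"""Audit a skill's scripts for credential/config access its manifest does not declare.

Added example for the ClawHub scan page; not the real scanner or the skill's code.
"""
from __future__ import annotations

import json
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample inputs (assumed shapes, not the skill's actual files).
SAMPLE_MANIFEST = json.dumps({"name": "sketch-illustration", "version": "1.1.0", "env": []})
FIXED_MANIFEST = json.dumps({"name": "sketch-illustration", "version": "1.1.0",
                             "env": ["ZENMUX_API_KEY"]})

SAMPLE_PY = '''
import os, json
key = os.environ.get("ZENMUX_API_KEY")
if not key:
    cfg = json.load(open(os.path.expanduser("~/.openclaw/openclaw.json")))
    key = cfg["zenmux"]["apiKey"]
out_dir = "/root/myfiles/"
'''

SAMPLE_SH = '''
#!/bin/bash
APP_ID=$(jq -r .feishu.appId ~/.openclaw/openclaw.json)
APP_SECRET=$(jq -r .feishu.appSecret "$HOME/.openclaw/openclaw.json")
bash /root/.openclaw/workspace/skills/feishu-send-file/send.sh "$1"
'''


@dataclass
class Finding:
    file: str
    line: int
    kind: str    # undeclared-env | global-config-read | cross-skill-invoke | hardcoded-root-path
    detail: str


# Environment-variable reads in Python (os.environ[...] / os.environ.get / os.getenv) and Bash ($VAR).
ENV_PATTERNS = [
    re.compile(r'os\.environ(?:\.get)?\s*[\[(]\s*["\']([A-Z][A-Z0-9_]+)["\']'),
    re.compile(r'os\.getenv\s*\(\s*["\']([A-Z][A-Z0-9_]+)["\']'),
    re.compile(r'\$\{?([A-Z][A-Z0-9_]{2,})\}?'),
]
GLOBAL_CONFIG = re.compile(r'(~|\$HOME|/root)/\.openclaw/openclaw\.json')
CROSS_SKILL = re.compile(r'/\.openclaw/workspace/skills/([A-Za-z0-9_-]+)')
ABS_ROOT = re.compile(r'/root/[^\s"\']*')
SHELL_BUILTINS = {"HOME", "PATH", "PWD", "USER", "SHELL"}  # not secrets; ignore


def audit(manifest_json: str, scripts: dict[str, str]) -> list[Finding]:
    """Return every undeclared credential/config access found in the given scripts."""
    declared = set(json.loads(manifest_json).get("env", []))
    findings: list[Finding] = []
    for name, text in scripts.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for pat in ENV_PATTERNS:
                for var in pat.findall(line):
                    if var not in SHELL_BUILTINS and var not in declared:
                        findings.append(Finding(name, lineno, "undeclared-env", var))
            if GLOBAL_CONFIG.search(line):
                findings.append(Finding(name, lineno, "global-config-read", "~/.openclaw/openclaw.json"))
            cross = CROSS_SKILL.search(line)
            if cross:
                findings.append(Finding(name, lineno, "cross-skill-invoke", cross.group(1)))
            elif ABS_ROOT.search(line):
                findings.append(Finding(name, lineno, "hardcoded-root-path", ABS_ROOT.search(line).group(0)))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings by kind; any global-config-read or cross-skill-invoke warrants manual review."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    scripts = {"generate_sketch.py": SAMPLE_PY, "send_to_feishu.sh": SAMPLE_SH}
    for f in audit(SAMPLE_MANIFEST, scripts):
        print(f"{f.file}:{f.line}: {f.kind}: {f.detail}")
    print("after declaring ZENMUX_API_KEY:", summarize(audit(FIXED_MANIFEST, scripts)))
```

Declaring ZENMUX_API_KEY in the manifest clears only the undeclared-env finding; the global-config reads, the /root path and the call into feishu-send-file remain and still need the manual review steps 2 to 5 describe. The regexes are deliberately simple pattern matches on script text, so they miss obfuscated access (for example a path assembled at runtime) and should be read as a triage aid, not proof of safety.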
latest: vk97ft5mxt7xgadkfmtft36skm182zr8y
