ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Smart Meme Generator

v1.1.0

Generates context-aware memes by selecting optimal templates and crafting witty captions for any topic, situation, or social media content.

0· 908·2 current·2 all-time
by@olisim02
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, and the included Python script all focus on selecting meme templates and calling the imgflip API to produce images. No unrelated environment variables, binaries, or config paths are requested.
Instruction Scope
Runtime instructions stick to template selection, caption generation, and calling imgflip. The SKILL.md does not ask the agent to read arbitrary files or exfiltrate unrelated data. Note: both SKILL.md and the script explain how to set IMGFLIP_USER/IMGFLIP_PASS and the script contains fallback hard-coded imgflip credentials.
Install Mechanism
No install spec; this is an instruction-only skill with a small Python script using stdlib urllib. Nothing is downloaded from untrusted URLs and no archives are extracted.
Credentials
The skill does not require any environment variables but optionally reads IMGFLIP_USER and IMGFLIP_PASS. The included script embeds default imgflip credentials (username 'davememebot', password 'DaveMakes3Memes!') — this is proportionate to the stated purpose but is a privacy/abuse risk (see guidance). No other credentials are requested.
Persistence & Privilege
always:false and no special privileges requested. The skill does not modify other skills or system-wide config and does not request persistent presence beyond normal agent invocation.
Assessment
This skill appears to do only what it says: choose meme templates and call imgflip to create images. Before installing, consider: (1) The script includes hard-coded imgflip credentials — those are a shared account and could be abused or rate-limited; prefer exporting your own IMGFLIP_USER/IMGFLIP_PASS if you plan frequent use. (2) Captions and topics you send are transmitted to imgflip's API and may be subject to their terms or become public; do not send sensitive or private data. (3) The skill can invoke autonomously (normal default), but it does not request broad credentials or system access. If you want extra safety, inspect/replace the embedded credentials in the script and confirm you are comfortable with the external network call to https://api.imgflip.com/caption_image.

Like a lobster shell, security has layers — review code before you run it.

latestvk97erjh921nn2365sdvtfb97yh815xrr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments