clawaifu - OpenClaw Waifu
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: clawaifu-selfie
Version: 1.0.14

The skill bundle is designed to generate AI-powered selfies and send them via Telegram. Both the `SKILL.md` and `grok-selfie.sh` script demonstrate a clear intent for secure operation. The `SKILL.md` explicitly mentions using `jq` for safe JSON construction and `curl -F` for safe form data transmission to prevent injection, which is confirmed by the script's implementation. User-provided inputs (`USER_CONTEXT`, `CAPTION`) are correctly sanitized when passed to `jq --arg` and `curl -F`, mitigating shell and JSON injection risks. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, prompt injection against the agent, or obfuscation. The external API calls are to legitimate services (fal.ai, Telegram).
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A casual prompt may cause the agent to generate and send an image to the configured Telegram chat.
The skill can run its selfie-sending Bash script, and its trigger list includes broad conversational prompts. This is aligned with the companion/selfie purpose, but users should understand that invocation results in an external Telegram send.
allowed-tools: Bash(grok-selfie.sh:*) Read ... User asks "what are you doing?", "how are you doing?", "where are you?"
Use it only with a Telegram chat you control, and adjust usage expectations if you want images sent only after explicit requests.
Anyone with these environment variables can use the configured fal.ai account and send photos through the configured Telegram bot/chat.
The skill requires credentials for fal.ai and Telegram. These credentials are expected for its stated purpose, and the documentation says to provide them via environment variables rather than hardcoding them.
FAL_KEY=your_fal_api_key ... BOT_TOKEN=your_telegram_bot_token ... TELEGRAM_CHAT_ID=your_chat_id
Use a dedicated Telegram bot and intended chat ID, keep the keys private, and rotate them if they are exposed.
Text included in the image context or caption is shared with external services.
The script sends the generated prompt/user context to fal.ai and sends the resulting image URL, and optional caption, to Telegram. These provider calls are disclosed and purpose-aligned.
curl -s -X POST "https://fal.run/xai/grok-imagine-image/edit" ... curl -s -X POST "https://api.telegram.org/bot$BOT_TOKEN/sendPhoto"
Avoid putting private or sensitive information in selfie prompts or captions unless you are comfortable sharing it with those providers.
The skill may fail or behave differently if curl or jq is missing or supplied by an unexpected local installation.
The skill has no install-time dependency enforcement even though SKILL.md documents curl and jq as dependencies and the included script uses them. This is a setup reliability/provenance note, not evidence of malicious behavior.
No install spec — this is an instruction-only skill. ... Required binaries (all must exist): none
Install curl and jq from trusted system package sources before use.
