ClawHub
Back to skill
v1.0.2

Image Sprout

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:36 AM.

Analysis

No malicious behavior is evident; the skill is a coherent image-generation CLI guide, but users should protect the local OpenRouter key, saved project data, and optional unauthenticated web UI.

GuidanceBefore installing, verify the image-sprout CLI source, use a dedicated OpenRouter key, avoid sensitive reference images unless you are comfortable storing them in the project, keep the web UI private, and use explicit project names in multi-agent workflows.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
metadata
Source: unknown ... Required binaries (all must exist): image-sprout ... No install spec

The skill delegates work to an external CLI that is not included or installed by the provided artifacts; this is not suspicious by itself, but the installed binary's provenance matters.

User impactThe behavior and security of the skill depend on the image-sprout CLI already present on the user's machine.
RecommendationInstall image-sprout only from a trusted source, preferably the stated project homepage, and keep it updated.
Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
Security: do not expose the web UI to the public internet. The server has no authentication.

The optional web UI is explicitly disclosed as unauthenticated; this is usable for local review but risky if exposed to untrusted networks.

User impactIf the web UI is launched on an untrusted network, other people could access the Image Sprout interface and local project data.
RecommendationRun the web UI only on localhost or a trusted private network, and do not expose it publicly.
Cascading Failures
SeverityInfoConfidenceHighStatusNote
SKILL.md
`image-sprout project use <name>` sets a shared "current project" state on disk. When multiple agents or processes run concurrently, this state can collide.

The artifact identifies shared mutable state that could cause concurrent agents to operate on the wrong project if the shortcut is used.

User impactParallel workflows could generate into, read from, or modify the wrong project if they rely on shared current-project state.
RecommendationFollow the skill's guidance to always pass `--project <name>` explicitly in agent workflows.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
Image Sprout stores its OpenRouter key on disk. Set it once per machine:

The skill uses a provider API key and stores it locally; this is expected for OpenRouter-backed image generation but is sensitive account authority.

User impactAnyone with access to the local configuration or machine may be able to use or compromise the provider credential, potentially causing account usage or charges.
RecommendationUse a dedicated, revocable OpenRouter key if possible, protect local config files, and revoke the key if the machine or configuration is exposed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
reference images, derived guides, and persistent instructions

The skill intentionally persists project context that can be reused to influence later generations.

User impactSensitive reference images, style guides, subject guides, or saved instructions may remain on disk and affect future outputs unless reviewed or removed.
RecommendationKeep separate projects for separate contexts, avoid adding sensitive images unless acceptable, and review or clean project data when it should no longer be reused.