v1.0.0

Birdfolio

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:52 AM.

Analysis

Birdfolio mostly matches its bird-tracking purpose, but it stores data externally and has a card-rendering path that can run untrusted card content, so it should be reviewed before installing.

Guidance: Before installing, decide whether you are comfortable with Birdfolio storing your Telegram-linked birding data in its Railway API and keeping photos/cards locally. Do not configure R2 secrets unless you intentionally want public card uploads. The maintainer should fix the card-generation path by escaping dynamic HTML fields or disabling JavaScript in the renderer.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
Severity: Medium. Confidence: High. Status: Concern.
scripts/generate_card.py
"{{COMMON_NAME}}": args.species, ... "{{FUN_FACT}}": args.fun_fact, ... card_html = card_html.replace(key, value)

User- and search-derived values are inserted into generated HTML by raw string replacement; the included screenshot flow renders these card files in Chromium, so malicious HTML or script content could become active during card generation.

User impact: A malicious species name, region, or web-derived fact could cause the card renderer to load unexpected content or run browser-side code in the local rendering context.
Recommendation: Escape all dynamic HTML fields, validate CSS/image inputs, restrict image URL schemes, and disable JavaScript in the screenshot renderer if scripts are not required.
Tool Misuse and Exploitation
Severity: Low. Confidence: Medium. Status: Note.
SKILL.md
use `exec` to find the most recently downloaded file in OpenClaw's temp/media folder ... Save the photo to `birdfolio/birds/{slug}-{timestamp}.jpg`

The fallback photo-location instruction is purpose-aligned, but selecting the most recent media file is less precise than using the explicit attachment path.

User impact: If attachment metadata is missing, the agent could accidentally persist the wrong recent media file.
Recommendation: Prefer the exact message attachment path; if falling back to a media-folder search, confirm the selected file with the user before saving or sending it.
Agentic Supply Chain Vulnerabilities
Severity: Low. Confidence: High. Status: Note.
metadata
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

The artifacts provide limited provenance information even though the skill includes executable helper scripts and external-service integrations.

User impact: Users have less context for who operates the API and maintains the helper code.
Recommendation: Review the included scripts before use and prefer a version with a documented source repository, maintainer, and dependency/credential requirements.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium. Confidence: High. Status: Note.
scripts/upload_card.py
with open(secrets_path) as f: cfg = json.load(f) ... aws_access_key_id=cfg["access_key_id"], aws_secret_access_key=cfg["secret_access_key"] ... s3.put_object(

The optional upload helper reads Cloudflare R2 credentials from a local secrets file and can publish card PNGs, while registry metadata declares no credentials.

User impact: If this helper is used, the skill can use your R2 bucket credentials and may create publicly reachable card images.
Recommendation: Do not provide R2 secrets unless you intend public card uploads; use least-privilege credentials limited to a dedicated bucket or prefix, and document this credential requirement.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low. Confidence: High. Status: Note.
scripts/log_sighting.py
api_post(api_url, f"/users/{telegram_id}/sightings", { "common_name": args.species, ... "region": args.region, ... })

Sightings are sent to an external API keyed by the locally stored Telegram ID, which is consistent with the stated tracking purpose but means birding data leaves the local workspace.

User impact: Your Telegram identifier, region, and bird sightings may be stored by the Birdfolio API.
Recommendation: Install only if you are comfortable with that external storage; the maintainer should document retention, access controls, and deletion options.