Skillv1.0.0

ClawScan security

Image Gen Bot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 13, 2026, 1:40 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's requirements and instructions are consistent with an image-generation orchestration service: it only needs a single spend token and tells the agent to POST prompts to aiprox.dev, which then calls Together.ai; nothing in the bundle requests unrelated credentials or installs code locally.
Guidance: This skill appears to do what it says (send prompts to AIProx which generates images via Together.ai). Before installing: 1) Verify the aiprox.dev endpoint and its privacy/billing policies (owner and homepage are not vetted here). 2) Treat AIPROX_SPEND_TOKEN like money — ensure it is scoped/limited and monitor/limit spend. 3) Do not put secrets or personal data into prompts (they will be sent to a third party and may be forwarded to Claude/Together.ai). 4) If you need stronger guarantees, ask for documentation about where prompts are routed (is Claude used server-side, and does AIProx log prompts?) or use a direct, official Together.ai integration instead. 5) Rotate the token if you suspect misuse and review network allowlists to confirm requests go only to the expected hosts.

Review Dimensions

Purpose & Capability: okName/description (image generation via FLUX/Together.ai) align with the declared requirement (AIPROX_SPEND_TOKEN) and the SKILL.md cURL examples that POST to aiprox.dev. No unrelated env vars or binaries are requested.
Instruction Scope: noteRuntime instructions are narrowly scoped: they show POSTing the prompt and spend_token to https://aiprox.dev/api/orchestrate and returning an image_url. However the doc states prompts are 'enhanced by Claude' and that images come from Together.ai's CDN; those operations are plausible if performed server-side by AIProx but are not shown in the client instructions. The skill will transmit user prompts (and the spend token) to a third-party endpoint — avoid sending sensitive secrets or PII in prompts.
Install Mechanism: okThis is an instruction-only skill with no install spec and no code files, so nothing is written to disk or fetched during install. That's the lowest-risk install model.
Credentials: noteOnly AIPROX_SPEND_TOKEN is required, which is proportionate for a paid orchestration API. The SKILL.md lists network calls to aiprox.dev and api.together.xyz (expected). The doc makes privacy claims about not logging prompts and transient Claude usage — those are unverifiable from the skill alone. Confirm the token's scope and billing limits before use.
Persistence & Privilege: okalways is false and the skill is user-invocable; it does not request persistent system-level privileges or modify other skills. Autonomous invocation is enabled by default but is not combined with any unusual privileges here.