Image Generator

Pass

Audited by VirusTotal on May 11, 2026.

Findings (1)

The skill provides image generation via the SiliconFlow API, but contains a significant vulnerability in `scripts/img2img.py`. The script reads arbitrary local files specified by the `image_path` parameter and sends their base64-encoded content to the external endpoint `api.siliconflow.cn`. While intended for image processing, this lacks path sanitization and could be exploited to exfiltrate sensitive system files. Additionally, both `scripts/img2img.py` and `scripts/txt2img.py` contain hardcoded Windows-specific absolute paths (`E:/openclaw/.openclaw/openclaw.json`) for credential harvesting from the OpenClaw configuration.