Skillv2.0.5

ClawScan security

image-agent-plus · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 29, 2026, 10:37 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions reasonably describe a CLI image generator, but there are mismatches between what it says it will use and what it declares/installs — notably undocumented env vars and expected local CLIs/files — so you should verify before installing or supplying keys.
Guidance: This skill appears to be an instruction-only wrapper that uses OpenAI image2 when you provide an API key and local Codex/Gemini CLIs as fallbacks. Before installing or supplying any API key: 1) Confirm how you will obtain the actual 'image-agent-plus' CLI (the skill does not bundle or install it). 2) Verify you trust the upstream project (GitHub homepage) and inspect the CLI source for network activity or unexpected behavior. 3) Be cautious about providing OpenAI keys — the SKILL.md references these env vars but the skill metadata doesn't declare them. 4) Note the skill will read from ~/.codex and write to ~/Desktop/image-agent-plus-output/ when using Codex; if you have sensitive files under ~/.codex, consider running in an isolated account or VM. 5) If you need higher assurance, ask the publisher for an install script or packaged binary and a clear list of optional dependencies (Codex/Gemini CLIs) and required env vars; avoid pasting secrets into an agent without reviewing how they will be used or stored.

Review Dimensions

Purpose & Capability: concernThe skill claims to be a CLI wrapper that prefers OpenAI image2 with Codex/Gemini fallbacks. However the declared requirements only list 'node' (and the brew install for node). The SKILL.md explicitly expects Codex CLI and Gemini CLI to be installed for fallbacks, but those binaries are not listed in required binaries; similarly, it references OpenAI API key env vars even though requires.env is empty. It's plausible for a tool to optionally use local CLIs and an API key, but the registry metadata should declare those optional dependencies/credentials. The lack of a packaged CLI or install steps for the image-agent-plus tool itself (the skill is instruction-only) increases the chance of friction or hidden assumptions.
Instruction Scope: concernThe runtime instructions direct the agent/user to call the external 'image-agent-plus' CLI, to read from a user home path (~/.codex/generated_images) for Codex output, and to consult environment variables (IMAGE_AGENT_OPENAI_API_KEY, OPENAI_API_KEY, legacy NANOBANANA_*). Reading ~/.codex and copying files is within the stated feature set (collecting locally-generated images), but these filesystem accesses and env-var reads are not declared in the skill metadata and could access user data or require elevated trust. The instructions also tell the agent to 'ask for an API key' in some flows, which would involve handling secret material — that handling is not described nor constrained.
Install Mechanism: noteThe only install step is to ensure Node is installed via brew (node formula). No code files are bundled beyond a minimal package.json and a SKILL.md (instruction-only). This is low-risk in itself, but the skill assumes an external CLI exists (image-agent-plus and optionally Codex/Gemini CLIs) without providing installation instructions for those tools, which is an incoherence to verify.
Credentials: concernThe skill references OpenAI API key env vars (IMAGE_AGENT_OPENAI_API_KEY, OPENAI_API_KEY) and legacy NANOBANANA_* variables in SKILL.md, yet the registry declares no required env vars. Because handling API keys and possible fallback secrets is central to the tool's operation, those expected env vars should be declared. Additionally, the skill will read files from ~/.codex which could contain user data; these accesses are not reflected in declared config paths.
Persistence & Privilege: okalways is false and there is no sign the skill requests permanent system-wide presence or modifies other skills. It does instruct copying files into user paths (~/Desktop/image-agent-plus-output/) but that is normal for a CLI utility's output behavior and scoped to the user's home.