Skill v1.0.0
ClawScan security
Fooocus Image Generation Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious, Mar 9, 2026, 5:54 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill appears to implement local Fooocus image generation, but several inconsistencies and scope surprises (a declared env var the scripts never read, cloud fallbacks whose credentials are not declared, and use of shell=True in the installers) warrant caution before installing or running it.
- Guidance
- This skill mostly does what it says (helps run Fooocus locally), but there are a few things to watch for:
  - The skill metadata declares FOOOCUS_PATH, but the scripts ignore it and use ~/Fooocus. Check or set paths yourself and do not assume the skill will honour the env var.
  - Installation and first runs download models (~6–10 GB) and pip-install large packages (PyTorch). Expect heavy network and disk use.
  - The install helpers call subprocess.run(..., shell=True) and build shell command strings from path components. Do not pass untrusted or specially crafted path values to those scripts: shell metacharacters in a path would be executed as additional commands. Prefer inspecting and running the install and check commands yourself rather than letting an agent run them automatically.
  - The skill mentions cloud fallbacks (Hugging Face, Replicate) that require API keys but does not declare or manage those credentials. If you plan to use the cloud fallbacks, provide keys explicitly and be aware that the data you submit will go to third-party services.
- If you want to proceed: (1) review the scripts locally before running them, (2) run check_env.py and install_fooocus.py manually in a terminal you control, (3) if you need a non-default install location, set FOOOCUS_PATH to a trusted value and verify the scripts actually use it (as scanned, they default to ~/Fooocus), and (4) do not give the skill any unrelated credentials. If you prefer minimal risk, run the Fooocus setup commands yourself following the SKILL.md rather than letting an agent invoke them autonomously.
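As an added illustration (not code from the skill, from Fooocus or from ClawHub), the following Python shows what the two path-related findings above would look like fixed in an install helper: the install directory is taken from FOOOCUS_PATH with a ~/Fooocus fallback instead of being hard-coded, and git is invoked with an argv list rather than a shell=True string assembled from the path. The function names, the default path constant and the upstream repository URL are assumptions for the example. The shell_commands helper splits a command string the way /bin/sh would, so the effect of a crafted path on the shell=True pattern is visible without executing anything.

```python
"""Hypothetical Fooocus install helper (example code, not the skill's own).

Demonstrates two fixes for the scan findings: honouring FOOOCUS_PATH, and
cloning with an argv list instead of a shell=True command string.
"""
from __future__ import annotations

import os
import shlex
import subprocess
from pathlib import Path
from typing import Mapping, Optional, Union

# Assumptions for the example: the default the scan says the scripts hard-code,
# and the upstream repository the install step clones.
DEFAULT_FOOOCUS_PATH = Path.home() / "Fooocus"
FOOOCUS_REPO = "https://github.com/lllyasviel/Fooocus.git"

# Tokens that make /bin/sh start a new command.
SHELL_SEPARATORS = {";", "&&", "||", "|", "&"}


def resolve_fooocus_path(env: Optional[Mapping[str, str]] = None) -> Path:
    """Return the install directory, honouring FOOOCUS_PATH when it is set.

    Falls back to ~/Fooocus when the variable is unset or empty. Relative
    values are rejected so the current working directory cannot redirect
    the clone.
    """
    env = os.environ if env is None else env
    raw = env.get("FOOOCUS_PATH", "").strip()
    path = Path(raw).expanduser() if raw else DEFAULT_FOOOCUS_PATH
    if not path.is_absolute():
        raise ValueError(f"FOOOCUS_PATH must be an absolute path, got {raw!r}")
    return path


def clone_command_unsafe(install_dir: str) -> str:
    """The pattern the scan flags: a shell string built from a path component,
    intended for subprocess.run(cmd, shell=True). Any shell metacharacter in
    install_dir is interpreted by the shell, not treated as part of the path."""
    return f"git clone {FOOOCUS_REPO} {install_dir}"


def clone_command_safe(install_dir: Union[Path, str]) -> list[str]:
    """Hardened form: an argv list for subprocess.run(argv) with the default
    shell=False. The path reaches git as exactly one argument, whatever
    characters it contains."""
    return ["git", "clone", FOOOCUS_REPO, str(install_dir)]


def safe_shell_string(argv: list[str]) -> str:
    """If a shell string is unavoidable (e.g. for display), quote each argument
    so the shell sees the same argv."""
    return shlex.join(argv)


def shell_commands(cmd: str) -> list[list[str]]:
    """Approximate how /bin/sh splits a shell=True string into separate commands,
    so an injection can be inspected without running it."""
    lex = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    commands: list[list[str]] = []
    current: list[str] = []
    for tok in lex:
        if tok in SHELL_SEPARATORS:
            if current:
                commands.append(current)
                current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


def clone_fooocus(install_dir: Union[Path, str], run=subprocess.run) -> list[str]:
    """Run the hardened clone. `run` is injectable so the exact argv can be
    inspected (or recorded in a test) before anything touches the network."""
    argv = clone_command_safe(install_dir)
    run(argv, check=True)  # no shell=True: nothing in argv is re-parsed
    return argv


if __name__ == "__main__":
    # Constructed hostile value, standing in for an attacker-controlled FOOOCUS_PATH.
    payload = "/tmp/Fooocus; rm -rf /tmp/victim"
    print("shell=True would run:", shell_commands(clone_command_unsafe(payload)))
    print("argv form passes:    ", clone_command_safe(payload))
    print("resolved install dir:", resolve_fooocus_path())
```

Running the block with the constructed payload shows the shell=True string splitting into a git clone followed by a second rm command, while the argv form carries the whole string as one path argument. Calling clone_fooocus with a recording stand-in for run is the "inspect before you execute" step the guidance recommends.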
Review Dimensions
- Purpose & Capability
- concern: The name/description promise (local Fooocus image generation) matches the included scripts and docs. However, the registry metadata declares FOOOCUS_PATH as the primary credential (a path treated like a credential) while the scripts use a hard-coded default of ~/Fooocus and do not read FOOOCUS_PATH; that mismatch is incoherent. The SKILL.md claims "Local only (no internet required after setup)", but setup itself is not offline: the install scripts clone the Fooocus GitHub repo and download models.
- Instruction Scope
- note: SKILL.md and the scripts instruct the agent to run environment checks, clone the Fooocus repo, pip-install packages, start a local server, and call the local Gradio API, all consistent with local generation. The docs and quick reference also push cloud alternatives (Colab, Hugging Face, Replicate) and include code paths and strings for those APIs, so the skill may recommend or instruct use of cloud services even though its description emphasizes local operation. The scripts read and encode local image files for upload to the local API (expected).
- Install Mechanism
- note: There is no platform-level install spec (the skill is instruction-only), but the included scripts git-clone the official Fooocus GitHub repo and pip-install packages (including from a PyTorch wheel index URL). These are standard steps, but they download large model artifacts and binaries from GitHub and the PyTorch index. The sources appear to be official (GitHub, PyTorch index) rather than arbitrary personal servers.
- Credentials
- concern: The skill declares a primaryEnv named FOOOCUS_PATH (a path, not a secret), but none of the main scripts read that variable; they default to ~/Fooocus. The skill refers to cloud alternatives (Hugging Face, Replicate) that require API keys, yet those credentials are not declared in requires.env. The declared required binaries (python) and Python packages are appropriate, but the env and credential declarations are inconsistent and misleading.
- Persistence & Privilege
- ok: The always flag is false, and the skill neither requests elevated platform privileges nor sets itself to always-on. It spawns background processes (via subprocess) to start Fooocus, but it does not modify other skills or system-wide agent configuration.
