v1.0.0

图片视频生成 (Image and Video Generation)

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:12 AM.

Analysis

The skill is coherent for image/video generation, but it needs review because it sends tokens and media through a plaintext relay by default and creates credential-bearing background watchers that write into OpenClaw sessions.

Guidance: Review carefully before installing. Only use this if you trust easyclaw.bar and the publisher, configure an HTTPS base URL if available, avoid sensitive prompts or reference files, consider `--no-watch` to avoid background jobs, and do not let the agent modify skill scripts without explicit approval.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
If a needed capability is not exposed by an existing script, update a script first

The skill instructs the agent to modify runnable skill scripts when functionality is missing, creating a path to execute code that was not part of the reviewed artifact.

User impact: The agent could alter the skill's own code during use, making later behavior harder to review or predict.
Recommendation: Do not allow script modifications unless explicitly approved by the user; prefer existing raw JSON/multipart modes for supported custom fields.
Rogue Agents
Severity: Medium | Confidence: High | Status: Note
SKILL.md
After submission, the skill must create the watcher in the same run unless the user explicitly asks for `--no-watch` ... The watcher checks task status every 30 seconds by default ... delete its own cron job

The skill deliberately creates a recurring background watcher by default; this is disclosed, and the watcher is intended to delete its own cron job once the task reaches a terminal status.

User impact: A background job may continue polling after the initial request until the generation task finishes or fails.
Recommendation: Use `--no-watch` if background notification is not needed, and verify watcher jobs are removed after completion.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
scripts/client.py
DEFAULT_PLATFORM_BASE_URL = "http://easyclaw.bar/shuzirenapi" ... headers = {"X-API-Token": platform_token} ... "X-API-Key": api_key, "X-API-Secret": api_secret

The client sends the platform token, or the API key/secret headers, to an endpoint whose default base URL is plaintext HTTP.

User impact: A network observer could capture the platform credential, potentially allowing use of the user's platform account or points.
Recommendation: Only use this with a trusted platform and an HTTPS base URL; the publisher should declare the credential requirement and enforce HTTPS for authenticated calls.
Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
scripts/schedule_task_watch.py
if platform_token:
    args.extend(["--api-token", platform_token]) ... args.extend(["--api-key", api_key, "--api-secret", api_secret])

The watcher scheduling code places platform credentials directly into command-line arguments for the background watcher.

User impact: Credentials may be persisted in cron/job definitions or exposed through local process/job inspection.
Recommendation: Prefer passing secrets through protected environment storage or a scoped secret manager rather than command-line arguments.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: High | Confidence: High | Status: Concern
scripts/client.py
DEFAULT_PLATFORM_BASE_URL = "http://easyclaw.bar/shuzirenapi" ... body = json.dumps(payload, ensure_ascii=False).encode("utf-8") ... with open(file_path, "rb") as handle: content = handle.read()

Generation JSON payloads and local file uploads are sent through the platform client, whose default relay URL is plaintext HTTP.

User impact: Prompts, reference images, uploaded files, and result metadata may travel without transport encryption unless the user overrides the base URL.
Recommendation: Avoid sensitive media or prompts unless HTTPS is configured and the relay is trusted; the skill should default to HTTPS if supported.
Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Note
scripts/cron_watch_task.py
"role": "assistant", "content": [{"type": "text", "text": content}] ... handle.write(json.dumps(transcript_entry, ensure_ascii=False)) ... store_payload[session_key] = entry

The watcher can append an assistant message into a local OpenClaw session transcript and update the session store.

User impact: Generated results are written into persistent conversation history, which can influence later context in that session.
Recommendation: Install only if you are comfortable with background results being added to session transcripts; prefer explicit session binding and review persistent session entries if needed.