catime
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: catime Version: 0.5.0 The OpenClaw AgentSkills skill bundle 'catime' is designed to fetch and send AI-generated cat images. It instructs the AI agent to install the `catime` Python package via `pip` and then use its CLI commands (e.g., `catime latest`) to retrieve image URLs and metadata. The instructions clearly guide the agent on parsing the output and sending the images using the platform's `send_message` tool. All image URLs point to legitimate GitHub Releases. There is no evidence of intentional harmful behavior such as data exfiltration, unauthorized command execution, persistence mechanisms, or prompt injection attempts designed to subvert the agent for malicious purposes. The use of `$(shuf -i 1-241 -n 1)` is a standard shell command substitution for generating a random number, not a direct shell injection vulnerability from user input.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the package gives that external package code the ability to run locally as part of using the skill.
The skill depends on installing an external Python package without a pinned version. This is expected for the stated CLI-based purpose, but it creates a normal package-provenance consideration for users.
kind: pip
package: catime
...
pip install catimeBefore installing, confirm the PyPI/GitHub package is the intended catime project and consider using a pinned version or isolated environment.