Leewow Custom Gifts
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill largely matches its gift-preview purpose, but its bash tool commands appear to insert user-supplied text directly into shell commands, which needs review before use.
Install only if you are comfortable uploading selected images to Leewow/Tencent and storing previews locally. Before use, ask the publisher to fix or confirm safe escaping for bash tool parameters and to declare the required Python packages and CLAW_SK credential in metadata.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted tool argument could potentially execute unintended local shell commands on the agent host.
User-controlled string parameters such as image_path and design_theme are interpolated into a bash command. If OpenClaw does not escape template values before shell execution, a quote or shell metacharacter could run commands outside the intended Python script.
"executor": "bash",
"command": "python3 scripts/generate.py --image-path '{{image_path}}' --template-id {{template_id}} --design-theme '{{design_theme}}' --aspect-ratio '{{aspect_ratio}}' --json"
Use a non-shell, argv-based executor or guaranteed parameter escaping. Also validate and allow-list arguments such as aspect_ratio, task_id, and paths, and reject quotes or shell metacharacters where they are not needed.
Private or sensitive images selected for mockup generation will be sent to Leewow/Tencent cloud infrastructure.
The chosen local image file is uploaded to Tencent COS via Leewow-provided temporary credentials. This is central to generating product mockups, but it means user images leave the local workspace.
with open(file_path, "rb") as fp:
    client.put_object(Bucket=bucket, Body=fp, Key=key, ContentType=content_type)
Only place images you intend to upload in the workspace. The publisher should document the upload destination, retention, cleanup, and acceptable file types more clearly.
Anyone with access to the configured key could act through the Leewow API within that key's permissions.
The skill requires a Leewow secret key and uses it to sign API calls and purchase/preview URLs. This is expected for the provider integration, but it is sensitive account authority.
- `CLAW_SK` — Leewow Secret Key (format: `sk-leewow-{keyId}-{secret}`)
Use a least-privilege Leewow key, keep ~/.openclaw/.env private, rotate the key if exposed, and declare this credential requirement in registry metadata.
Installation may depend on whatever package versions are already present or manually installed, which can reduce reproducibility and reviewability.
The skill depends on Python packages, but the supplied metadata says there is no install spec and no required binaries. No pinned dependency manifest is provided in the artifacts.
- Python 3.10+ with `requests` and `cos-python-sdk-v5`
Add an explicit install spec or requirements file with pinned versions, and align registry metadata with the documented Python, package, and CLAW_SK requirements.
