Back to skill
Skillv1.0.0
ClawScan security
Image2Prompt · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousFeb 11, 2026, 8:51 AM
- Verdict
- suspicious
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's stated purpose (generating image-to-image-generation prompts) is coherent, but the runtime instructions require inferring and emitting sensitive personal attributes (age, gender, ethnicity, body type, facial features) without any privacy or consent guidance — this is scope creep and a privacy risk.
- Guidance
- This skill will analyze images and is permitted to extract detailed demographic and biometric attributes (age, gender, ethnicity, skin tone, facial features, body type). Before installing or using it: 1) Do not submit images of private people without their explicit consent. The skill as-written provides no privacy or consent safeguards. 2) Expect that images and extracted descriptions will be sent to the OpenAI API (you supply OPENAI_API_KEY) — treat this as data exfiltration to that service. 3) If you plan to use it on photos of identifiable people, remove or disable the demographic/identity extraction to reduce privacy risk. 4) Ask the skill author (or require) explicit limits: a) do not attempt to identify real people; b) avoid inferring protected attributes (ethnicity, religion, etc.); c) log minimal data and avoid long reproductions that could expose a person's identity. 5) If you need formal assurance, request the SKILL.md be updated to include privacy/consent rules and a clear statement about where image data is sent; absence of code reduces supply-chain risk, but the behavioral scope (sensitive inferences) is the core concern. Providing those mitigations would move this toward benign; absent them, treat the skill as suspicious.
Review Dimensions
- Purpose & Capability
- noteThe name/description (generate prompts from images) matches the SKILL.md and the single declared credential (OPENAI_API_KEY) — this is plausible because image analysis/generation workflows commonly call an LLM/vision API. Requiring an openclaw client (optional) is reasonable for an OpenClaw-based CLI workflow.
- Instruction Scope
- concernThe instructions explicitly direct the agent to infer and produce fine-grained, potentially sensitive biometric and demographic attributes (ethnicity, age, gender, skin tone, body type, detailed facial features). There is no guidance about consent, permissible uses, or limits on identifying or describing private individuals. That expands the scope beyond innocuous 'visual description' into high-risk inference (privacy/biometric profiling).
- Install Mechanism
- okInstruction-only skill with no install spec and no code files — lowest installation risk. Nothing is downloaded or written to disk by the skill itself.
- Credentials
- noteOnly OPENAI_API_KEY is declared as the primary credential, which is proportionate for calling an external vision/LLM API. However, the skill's behavior (sending images + sensitive inferences) means that providing that key will transmit potentially private image data to whatever OpenAI endpoint the agent uses — users should be aware of that exfiltration surface.
- Persistence & Privilege
- okalways:false and user-invocable:true — the skill is not force-included and does not request elevated persistence. It can be invoked by the agent, which is the platform default and acceptable here.