Image Generate
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: image-generate Version: 1.0.0 The skill bundle is classified as suspicious due to a critical shell injection vulnerability and potential arbitrary file write. The `SKILL.md` instructs the agent to execute `python scripts/image_generate.py "<prompt>"`, directly embedding the user-provided prompt into a shell command without apparent sanitization, which could lead to arbitrary command execution if the agent's execution environment does not handle this. Additionally, the `scripts/image_generate.py` script uses the `IMAGE_DOWNLOAD_DIR` environment variable to determine where to save generated images, posing a risk of arbitrary file writes or path traversal if this variable can be controlled by an attacker.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malformed or adversarial prompt could cause problems if an agent builds the shell command unsafely.
The prompt is passed to a local command. This is central to the skill's purpose, but agents should avoid unsafe shell interpolation when the prompt contains quotes or shell metacharacters.
运行脚本 `python scripts/image_generate.py "<prompt>"`
Invoke the script with safe argument passing or careful quoting, and avoid treating prompt text as executable shell content.
The skill can consume quota or access the configured image-generation account associated with the provided API key.
The skill uses API credentials for the image-generation provider. This is expected for this integration, and the artifacts do not show hardcoded keys, logging of secrets, or unrelated credential use.
优先读取 `MODEL_IMAGE_API_KEY` 或 `ARK_API_KEY` 环境变量。
Use a scoped API key where possible and confirm the account, quota, and billing implications before use.
The skill may fail unless the dependency is already installed, and users need to trust the installed SDK source.
The script depends on an external SDK, but the artifact set has no install specification. This is a setup/provenance gap rather than evidence of malicious behavior.
from volcenginesdkarkruntime import Ark
Install the SDK from a trusted source and pin or review the dependency version in environments where reproducibility matters.