Skill v1.0.2
ClawScan security
Nvidia Sdxl · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 8, 2026, 5:48 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill mostly does what it claims (call NVIDIA's image-generation API and save PNGs) but contains an undeclared, hard-coded API key and a few deployment mismatches that make it inconsistent and potentially risky.
- Guidance: This skill will call NVIDIA's API and save images locally, which matches its description — but it contains a hard-coded API key in index.py even though no credentials are declared. That is risky: the embedded key could be expired, overused, or abused by the publisher, and distributing a secret in the code is a security smell. Before installing or running: (1) Do not trust the embedded API key — remove it and require a user-supplied key via an environment variable or config. (2) Verify you are comfortable with requests to ai.api.nvidia.com and any billing implications on the NVIDIA account behind that key. (3) Ensure the runtime has Python and the 'requests' package, and create/validate the workspace directory (~/.openclaw/workspace). (4) If you control the account that provided the key, rotate the key immediately; if you do not control it, avoid using the embedded key and replace it with your own. (5) If you need higher assurance, request the publisher remove secrets from code, and/or run the skill in an isolated environment to limit any potential misuse.
Review Dimensions
- Purpose & Capability (concern): Name/description and the code align (text -> NVIDIA SDXL -> PNG). However, the bundle requests no credentials yet index.py embeds a hard-coded API_KEY constant. A production-quality SDXL skill should accept a user-supplied API key (env var or config) rather than shipping one inside the code. Also there is no declared dependency on Python or the 'requests' library despite the presence of a Python entrypoint.
- Instruction Scope (concern): SKILL.md describes generating and saving images to the OpenClaw workspace, which index.py does. But SKILL.md omits any mention of authentication or a required API key; the code instead uses an embedded key. The code writes files to ~/.openclaw/workspace (assumes that path exists) and makes network calls to ai.api.nvidia.com — these are expected for the stated purpose, but the omitted credential handling is a scope/information mismatch.
- Install Mechanism (note): No install spec is provided (instruction-only), which minimizes installer risk. However, the included code requires a Python runtime and the 'requests' package; those dependencies are not declared. That mismatch can lead to runtime failures but is not itself malicious.
- Credentials (concern): The package declares no required environment variables or credentials, yet contains a hard-coded API key (API_KEY) inside index.py. This is disproportionate and problematic: a credential is present but not declared, and it's being shipped in plaintext inside the codebase. There are no other environment accesses.
- Persistence & Privilege (ok): The skill is user-invocable and not always-enabled; it does not request elevated or persistent platform privileges and does not modify other skills or system-wide settings. It does write image files into the user's ~/.openclaw/workspace directory, which is consistent with its functionality.
