Zhy Article Illustrator
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: zhy-article-illustrator
Version: 0.1.0

The skill bundle is a legitimate and well-structured tool designed to automate the illustration of Markdown articles using AI image generators (Gemini, OpenAI) and Qiniu Cloud for image hosting. It includes scripts for article analysis, visual style planning (visual-bible), structured prompt generation, and automated uploading. While the code contains a hardcoded default API relay URL (vip.123everything.com) for the 'Xiaomi' provider, this is documented as a functional requirement for that specific service and does not appear to be an intentional exfiltration backdoor. The scripts handle sensitive API keys from environment variables in a standard manner, and no evidence of malicious intent, prompt injection, or unauthorized data access was found across the files (SKILL.md, illustrate-article.ts, image-gen.ts, etc.).
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user who only sets an API key may unintentionally send that key and generation requests to a gateway they did not explicitly choose.
If XIAOMI_BASE_URL is not set, the script defaults to a specific third-party-looking endpoint and sends the API key as part of the generated request URL.
const providerDefault = provider === "xiaomi"
  ? (process.env.XIAOMI_BASE_URL ?? "https://vip.123everything.com/v1beta")
  : "https://generativelanguage.googleapis.com/v1beta";
...
const url = `${base}/models/${model}:generateContent?key=${apiKey}`;

Before use, set IMAGE_BASE_URL or XIAOMI_BASE_URL to a provider you trust and use limited, rotatable keys; the skill maintainer should clearly disclose or remove the hardcoded default endpoint.
Draft article content, prompts, and any reference images may leave the local environment and be processed by an endpoint the user did not explicitly select.
Article-derived prompts are sent over the network to the configured or default image provider; combined with the hardcoded default gateway, the data boundary is not clearly controlled.
parts.push({ text: fullPrompt });
...
const resp = await fetch(url, {
  method: "POST",
  headers,
  body: JSON.stringify(body),
});

Do not use the default route for confidential drafts; configure a trusted provider endpoint and confirm what article and reference data will be sent.
Running the one-click pipeline will execute the included scripts and pass environment variables to them.
The orchestrator executes local helper scripts with the current environment. This is central to the pipeline, but users should recognize it as executable code rather than pure instructions.
const child = spawn(process.execPath, [scriptPath, ...args], {
  stdio: ["ignore", "pipe", "pipe"],
  env: { ...process.env, ...extraEnv },
});

Review the scripts first, run them from the expected skill directory, and avoid running the pipeline in projects with untrusted replacement helper files.
