Tongyi Wanxiang 2.5D Banner Illustration — Skill Tool

v1.0.0

Generate/edit images with Nano Banana image tool Pro (Gemini 3 Pro Image). Use for image create/modify requests incl. edits. Supports text-to-image + image-to-image; 1K...

0 · 411 · 0 current · 0 total
by @icesumer-lgtm·MIT-0
Last updated
2026/4/12
Security scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
The skill's instructions claim a simple image-generation helper but the package contains many unrelated files (including exposed secrets), the SKILL.md and registry metadata disagree about required credentials/paths, and prompt-injection patterns were detected — these inconsistencies merit caution before installing or running.
Assessment recommendations
Do not install or run this skill yet. Steps to safely proceed if you want this capability: 1) Ask the author for a minimal package: SKILL.md + the single generate_image.py script. The skill bundle should not include unrelated workspace files or backups. 2) Require that the skill metadata explicitly list GEMINI_API_KEY as a required env var (primary credential) and update the install/usage paths to match actual file locations. 3) Manually inspect the generate_image.py script before running: sear...
Detailed analysis
Purpose and capability
Name/description claim a single image-generation/editing helper for Gemini (Nano Banana Pro), but the bundle includes hundreds of unrelated files (agents, dashboards, backups, credentials). The SKILL.md expects an API key (GEMINI_API_KEY) yet registry metadata lists no required env vars. The usage examples reference an absolute path (~/.codex/skills/nano-banana-pro/scripts/generate_image.py) that does not match the manifest paths (files live in various scripts/ and clawhub skills/ locations). Requiring or shipping unrelated system config and many auxiliary tools is disproportionate to a small image-generation skill.
Instruction scope
SKILL.md instructs running a local Python script with an API key and to run from the user's CWD. It explicitly checks GEMINI_API_KEY, but the registry declares none — a metadata/instruction mismatch. The pre-scan flags indicate prompt-injection patterns present in SKILL.md (ignore-previous-instructions, base64-block, unicode-control-chars), which is unexpected for a simple CLI usage document and could indicate an attempt to manipulate agents that read SKILL.md. The instructions otherwise limit scope to calling Gemini and saving PNGs, but the included repository contains code and files that the instructions do not mention (possible scope creep).
Install mechanism
No install spec (instruction-only) which normally reduces install-time risk. However, the package contains many code files (scripts/generate_image.py plus hundreds of other files). Because there is no defined install, SKILL.md relies on running a script from a hard-coded absolute path under the user's home; that mismatch increases accidental-execution risk (user may run an unexpected local script). No remote download URLs were found in the provided SKILL.md, which is good, but the presence of a large workspace shipped with the skill is inconsistent with 'instruction-only' and should be clarified.
Credential requirements
SKILL.md expects an API key (GEMINI_API_KEY or --api-key) but the registry lists no required env vars or primary credential — metadata omission. Additionally, the file manifest includes explicit credential-like values (e.g., appSecret, apiKey) in backup files, which are unrelated to the stated image-generation purpose and increase the risk of accidental exposure or misuse. The skill should only ask for the single API key needed for Gemini; extra exposed keys in the bundle are disproportionate and suspicious.
Persistence and privileges
always is false and there is no install spec requesting permanent presence or elevated privileges. The skill does not request to auto-enable itself or modify other skills. Autonomous invocation remains allowed (platform default) but is not combined with 'always: true' or other high-privilege indicators.
hooks/gateway-restart-protection/handler.js:57
Shell command execution detected (child_process).
scripts/autonomous-thinking.js:193
Shell command execution detected (child_process).
scripts/triple-line-sync.js:49
Shell command execution detected (child_process).
skills/send-html-to-feishu/scripts/run.js:41
Shell command execution detected (child_process).
skills/skill-vetting/scripts/scan.py:22
Dynamic code execution detected.
skills/send-html-to-feishu/scripts/send-to-feishu.js:11
Environment variable access combined with network send.
skills/send-html-to-feishu/scripts/send-to-feishu.js:31
File read combined with network send (possible exfiltration).
skills/skill-vetting/references/patterns.md:108
Prompt-injection style instruction pattern detected.
Security is layered; review the code before running it.

License

MIT-0

Free to use, modify, and redistribute; no attribution required.

Runtime dependencies

No special dependencies

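Versions

latest · v1.0.0 · 2026/3/17

Initial release: supports generating strict 2.5D isometric banner illustrations (1280*790), automatically sent to the Feishu chat box

● Suspicious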

Install command

Official: npx clawhub@latest install wenxiang-2d5-banner
Mirror: npx clawhub@latest install wenxiang-2d5-banner --registry https://cn.clawhub-mirror.com
Data source: ClawHub · Chinese localization: 龙虾技能库