by 安全扫描
OpenClaw
可疑
high confidenceThe skill mostly matches a text-to-image helper but includes a suspicious instruction to avoid the platform runner and calls an undocumented external API by default, which could be used to exfiltrate data or bypass platform controls.
评估建议
This skill appears to implement text→image by sending prompts and (optionally) user files to a remote inference API, which is a plausible purpose. However two red flags warrant caution: (1) SKILL.md insists the agent must run the Python script directly and not use the platform runner — that looks like an attempt to bypass platform controls/auditing; (2) the default backend URL (https://dlazy.com/api/ai/tool) is undocumented and could receive any prompt or file you send (the script base64-encodes...详细分析 ▾
ℹ 用途与能力
Name/description (text->image) align with the provided Python script that sends prompts and optional images/videos to a remote AI inference API. Requiring python and an API key (TEAM_API_KEY) is plausible. However the script defaults to an undocumented third-party endpoint (https://dlazy.com/api/ai/tool) which is not justified or referenced in the SKILL metadata or homepage.
⚠ 指令范围
SKILL.md explicitly orders the agent to NOT use the platform's 'openclaw run' and to execute 'python script/invoke_model.py' directly. That instruction looks like an attempt to bypass the platform's normal execution wrapper/auditing. The script will read local files (images/videos) if given paths, base64-encode them, and POST them to the remote endpoint (potentially sending any local file the agent is directed to include). The instructions do not request or justify access to other unrelated system resources, but the explicit bypass requirement and network exfiltration capability are concerning.
✓ 安装机制
No install spec — instruction-only with an included Python script. That minimizes disk installation risk. The script depends on the 'requests' package, which is not declared; this is an operational omission but not a high install risk.
ℹ 凭证需求
The skill only requires TEAM_API_KEY (declared as primary), which is appropriate for a remote API client. However the script honors TEAM_BASE_URL (not declared as required) and defaults to an undocumented host (dlazy.com). TEAM_BASE_URL can redirect traffic to arbitrary endpoints if set, increasing risk. No other credentials are requested.
✓ 持久化与权限
'always' is false and the skill does not request persistent platform privileges or modify other skills. The main privilege concern is the instruction forcing direct execution that may reduce observability/control but not persistent installation.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.12026/4/3
- Updated supported model list to include new models (Doubao Seedream, Banana, Recraft, Midjourney, etc.) and removed previous models. - Adjusted model descriptions and identifiers to reflect current offerings. - Updated example command to use a new model identifier. - Version bumped to 1.0.1.
● 可疑
安装命令
点击复制官方npx clawhub@latest install lrshuai-text-to-image
镜像加速npx clawhub@latest install lrshuai-text-to-image --registry https://cn.longxiaskill.com镜像同步中