Haocun is a famous dancer and actress with great achievements in both film and dancing. She is living in a dream of Clawra. Clawra is the closest assistant f...
Security Analysis
Confidence: medium. The skill largely does what it claims (sending fixed images via OpenClaw) but includes an install-time script that modifies agent persona files, a postinstall hook, and minor inconsistencies about required env vars. Review before installing.
The stated purpose (select and send fixed selfie/dance images via OpenClaw) matches the code and runtime instructions: scripts call the OpenClaw CLI or local gateway and images are served from a jsDelivr CDN. Minor inconsistency: registry metadata listed no required env vars, but manifest and scripts reference OPENCLAW_GATEWAY_URL and OPENCLAW_GATEWAY_TOKEN (used when CLI is absent). That is plausible but should be declared clearly.
SKILL.md and scripts instruct the agent/installer to read user messages and select images, and the installer (bin/cli.js) will write/overwrite agent files (IDENTITY.md) and inject persona text into SOUL.md. The runtime scripts call `openclaw agent` and may run on the 'main' agent context. Modifying persona/identity files and executing agent commands are beyond a passive 'image picker' and are intrusive; the installer does prompt for confirmation but will overwrite IDENTITY.md unconditionally.
This package includes an executable installer (bin/cli.js) and package.json has an `install` entry that runs node ./bin/cli.js --install — meaning code executes at install time (npm/npx). The manifest suggests cloning to ~/.openclaw/skills but the package can run arbitrary local code during npm install. The package fetches assets from a public CDN (jsDelivr) — not inherently malicious, but the install-time code that modifies user files increases risk and warrants review.
No unrelated cloud credentials are requested; the only sensitive variables referenced are OPENCLAW_GATEWAY_URL and OPENCLAW_GATEWAY_TOKEN, which are reasonable for sending messages via a local OpenClaw gateway. However, registry metadata declared no required env vars while manifest/config schema and scripts expect these variables optionally — a mismatch in declarations that should be clarified.
The installer writes into the user's OpenClaw workspace (SOUL.md, IDENTITY.md) and copies the skill into the workspace skills directory. This modifies the agent's persona and identity files (IDENTITY.md is overwritten). The skill does not set always:true, but modifying user config and persona is a notable privilege and could be surprising to users if done without careful consent/backups.
Guidance
This skill appears to do what it says (select fixed images and send them via OpenClaw), but it includes an installer that will run code at install time and modify your agent's SOUL.md and IDENTITY.md. Before installing:
1) Review bin/cli.js and scripts locally to confirm behavior and prompts.
2) Prefer manual install (clone the repo) rather than allowing npm/npx to run the package's install hook, which executes code automatically.
3) Back up ~/.openclaw/workspace/SOUL.md and IDENTITY.md so you can restore them if the installer overwrites content.
4) Verify you are comfortable with the skill using a local gateway token (OPENCLAW_GATEWAY_TOKEN) and check that token handling is secure.
5) Review the CDN-hosted images (jsDelivr link) and ensure you have rights/are comfortable with sending images of the referenced person.
If you are not comfortable with automatic persona injection or install-time execution, do not install or run the installer until you have audited the code.
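A pre-install check for the install-hook finding in the analysis above and for step 1 of the guidance, added here as an example (it is not code from the skill or from ClawHub). It parses a package.json, lists the npm lifecycle hooks that would execute during `npm install`/`npx`, and names the local files those hooks and `bin` entries point at so they can be read first. The package.json is constructed to mirror the manifest the review describes (an `install` entry running `node ./bin/cli.js --install`); the package name is a placeholder.

```python
import json
import re

# npm lifecycle hooks that run a command on the installing machine during
# `npm install` / `npx` (skipped only with `npm install --ignore-scripts`).
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Constructed package.json, modelled on the manifest the review describes
# (an `install` entry running node ./bin/cli.js --install); not the real file.
SAMPLE_PACKAGE_JSON = """{
  "name": "example-selfie-skill", "version": "1.0.6",
  "bin": {"example-selfie-skill": "./bin/cli.js"},
  "scripts": {
    "install": "node ./bin/cli.js --install",
    "test": "node test/run.js"
  }
}"""

def install_time_scripts(package_json_text):
    """Return {hook: command} for every lifecycle hook that executes at install time."""
    scripts = json.loads(package_json_text).get("scripts") or {}
    return {hook: scripts[hook] for hook in INSTALL_HOOKS if hook in scripts}

def files_to_audit(package_json_text):
    """Local script paths named by install hooks or `bin` entries, deduplicated in order."""
    pkg = json.loads(package_json_text)
    candidates = []
    for cmd in install_time_scripts(package_json_text).values():
        # Tokens that look like local script files, e.g. ./bin/cli.js
        candidates += re.findall(r"(?:\./)?[\w./-]+\.(?:js|mjs|cjs|sh)\b", cmd)
    bins = pkg.get("bin") or {}
    if isinstance(bins, str):          # "bin": "./cli.js" shorthand form
        bins = {pkg.get("name", ""): bins}
    candidates += bins.values()
    audit = []
    for path in candidates:
        path = path[2:] if path.startswith("./") else path
        if path not in audit:
            audit.append(path)
    return audit

def review_summary(package_json_text):
    """Human-readable findings for the pre-install review."""
    hooks = install_time_scripts(package_json_text)
    if not hooks:
        return ["No install-time lifecycle scripts declared."]
    lines = [f"Install-time hook '{h}' runs: {cmd}" for h, cmd in hooks.items()]
    lines.append("Read before installing: " + ", ".join(files_to_audit(package_json_text)))
    return lines
```

Run `review_summary` on the package.json inside a tarball obtained with `npm pack` (nothing is executed by `npm pack`), and install with `--ignore-scripts` if you decide to proceed without the hooks.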
Latest Release
v1.0.6
- Added full SKILL.md documentation, providing background story, usage scenarios, and technical workflows.
- Clarified how Clawra selects and sends Haocun's selfies via OpenClaw to messaging channels.
- Included selection logic and prompt modes for choosing appropriate images based on user input.
- Added setup instructions, code examples, platform compatibility, and troubleshooting tips.
- Provided inspirational backstory for engaging user experience.
Published by @qidu on ClawHub