Pluginv1.0.8

ClawScan security

AI Image Generator & Editor — GPT Image 2, Nanobanana, ComfyUI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 29, 2026, 5:32 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's stated purpose (AI image generation) matches the functionality, but there are several internal inconsistencies and undeclared requirements (config path, env vars, a shell dependency) plus contradictory runtime instructions that deserve attention before installing.
Guidance: What to consider before installing: - The plugin legitimately needs API keys or a local ComfyUI endpoint to generate images. If you plan to use generation, you'll be asked to paste API keys or a curl command; those will be parsed and saved to ~/.config/meigen/config.json. Only proceed if you trust the provider and are comfortable storing a token on disk. - Manifest omissions: the package metadata does not list the config path (~/.config/meigen/config.json) or the optional env vars it reads (MEIGEN_API_TOKEN, OPENAI_API_KEY, COMFYUI_URL). Expect the plugin to create and read that file; check its contents after setup and ensure it's chmod 600 as promised. - Contradictory instructions: some parts forbid reading local files while others accept local file paths; clarify whether you will be asked to let the agent read local images/workflow files. If you do not want local file access, avoid supplying local paths. - Secret-handling caution: when using the "Import from curl" option, only paste commands you trust and inspect the parsed results before confirming; the skill will try to extract API keys automatically and could capture unrelated keys if you paste a command containing them. - Hook dependency: hooks/open-image.sh uses jq and macOS 'open' — the manifest doesn't declare jq as required. If you rely on post-generation auto-open behavior, ensure jq is installed and understand the hook only runs on SessionStart/PostToolUse as configured. - Testing: consider testing in a throwaway session first (or with a limited-scope API key) to confirm behavior. Inspect ~/.config/meigen/config.json after setup to verify what was written. If you have strict security needs, avoid pasting keys into the chat and prefer manual config management. If you want, I can list the exact places in the files where these inconsistencies appear and suggest specific questions to ask the skill author (e.g., "Why isn't ~/.config/meigen declared in the manifest?", "Do you really need to parse arbitrary curl commands to extract API keys?").

Review Dimensions

Purpose & Capability: noteThe skill is an image-generation/creative-workflow plugin and legitimately needs API keys or a local ComfyUI URL to generate images. However, the registry metadata declares no required environment variables or config paths while the SKILL.md and hooks clearly read/write ~/.config/meigen/config.json and reference env vars (MEIGEN_API_TOKEN, OPENAI_API_KEY, COMFYUI_URL). The omission in metadata is a provenance/manifest mismatch.
Instruction Scope: concernRuntime instructions include sensitive operations: prompting the user to paste API keys or curl commands (the skill will parse/extract API keys), instructing the agent to read and write ~/.config/meigen/config.json, and accepting local file paths for reference images/workflows. There are also internal contradictions: the image-generator agent says "Do NOT read any files" while other flows accept local file paths and the setup flow asks for local workflow files to import. Another contradiction: commands/gen says to show a creative comment after generation, but other parts (visual-creative rules) forbid creative commentary. These inconsistencies could cause unexpected behavior or accidental exposure of secrets if misused.
Install Mechanism: okNo install spec (instruction-only) — lowest-risk install vector. The only files that run on hooks are small shell scripts included in the bundle, not remote downloads. That's appropriate for this type of plugin.
Credentials: concernThe skill legitimately needs API keys or a local ComfyUI URL for image generation, but the package metadata does not declare any required env vars or config paths while the documentation and scripts expect MEIGEN_API_TOKEN, OPENAI_API_KEY, OPENAI_BASE_URL, COMFYUI_URL and read/write ~/.config/meigen/config.json. The setup flow also parses user-pasted curl commands to extract API keys automatically — which is convenient but increases the chance of accidentally capturing unrelated secrets if the user pastes commands containing other keys.
Persistence & Privilege: noteThe skill writes a config file to ~/.config/meigen/config.json (via the Write tool) and sets permissions. This is expected for a client that stores API tokens, and the skill is not always:true nor modifying other skills. Still, the manifest omitted the config path requirement and the hooks will run SessionStart/PostToolUse actions (open-image.sh attempts to open files on macOS). Also open-image.sh depends on jq and open being available though the manifest lists no required binaries.