中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 5/100
Last scan:19 hr ago Rescan
5 /100
agent-profile-images
Agent Profile Images for OpenClaw Control UI — upload custom avatars, generate themed AI profile images
This is a legitimate UI feature package for agent profile images containing only documentation and TypeScript reference implementations. The flagged base64 decode is standard API response handling (OpenAI b64_json), all functionality is documented, and no malicious behavior is present.
Skill Nameagent-profile-images
Duration35.2s
Enginepi
Safe to install
No action required. The skill is safe for use.
ResourceDeclaredInferredStatusEvidence
Filesystem WRITE WRITE ✓ Aligned Avatar files written to agent workspace avatars/ directory
Network READ READ ✓ Aligned Calls OpenAI API https://api.openai.com/v1/images/generations
Shell NONE NONE No shell execution found
Environment NONE READ ✓ Aligned Reads API keys from env (ANTHROPIC_API_KEY, OPENAI_API_KEY) - necessary for feat…
1 Critical 2 findings
🔒
Critical Encoded Execution Base64 编码执行(代码混淆)
Buffer.from(b64, "base64"
references/src-gateway-server-methods-agents-ts.txt:534
🔗
Medium External URL 外部 URL
https://docs.openclaw.ai
references/ui-src-ui-app-render-ts.txt:603

File Tree

17 files · 409.8 KB · 11567 lines
Text 16f · 11446L Markdown 1f · 121L
├─ 📁 references
│ ├─ 📄 src-gateway-method-scopes-ts.txt Text 242L · 6.0 KB
│ ├─ 📄 src-gateway-protocol-index-ts.txt Text 728L · 23.9 KB
│ ├─ 📄 src-gateway-protocol-schema-agent-ts.txt Text 138L · 4.8 KB
│ ├─ 📄 src-gateway-protocol-schema-agents-models-skills-ts.txt Text 312L · 7.6 KB
│ ├─ 📄 src-gateway-protocol-schema-protocol-schemas-ts.txt Text 309L · 10.8 KB
│ ├─ 📄 src-gateway-protocol-schema-types-ts.txt Text 149L · 9.2 KB
│ ├─ 📄 src-gateway-server-methods-agent-ts.txt Text 771L · 26.6 KB
│ ├─ 📄 src-gateway-server-methods-agents-ts.txt Text 1248L · 41.1 KB
│ ├─ 📄 src-gateway-server-methods-list-ts.txt Text 166L · 3.5 KB
│ ├─ 📄 src-gateway-session-utils-ts.txt Text 1035L · 31.8 KB
│ ├─ 📄 ui-src-ui-app-render-ts.txt Text 3270L · 138.6 KB
│ ├─ 📄 ui-src-ui-app-ts.txt Text 963L · 33.9 KB
│ ├─ 📄 ui-src-ui-app-view-state-ts.txt Text 622L · 19.6 KB
│ ├─ 📄 ui-src-ui-types-ts.txt Text 691L · 15.7 KB
│ ├─ 📄 ui-src-ui-views-agents-panels-overview-ts.txt Text 293L · 12.1 KB
│ └─ 📄 ui-src-ui-views-agents-ts.txt Text 509L · 20.6 KB
└─ 📝 SKILL.md Markdown 121L · 3.8 KB

Security Positives

✓ All functionality clearly documented in SKILL.md
✓ Proper path guards prevent directory traversal attacks
✓ File writes restricted to agent workspace directory
✓ Image size validation (2MB limit) prevents DoS
✓ API key access is scoped to OpenAI/Anthropic for avatar generation only
✓ No shell execution or subprocess calls
✓ No credential exfiltration - keys used only for intended API calls
✓ Base64 usage is standard API pattern for image data transfer
✓ Proper input validation and sanitization throughout