media-generation 安全扫描报告 — 可信 | ClawSafe

5 /100

media-generation

Generate images, edit existing images, create short videos, run inpainting/outpainting and object-focused edits, use reference images as provider inputs, batch related media jobs from a manifest, and fetch returned media from URLs/HTML/JSON/data URLs/base64.

Legitimate media generation skill with no malicious behavior; all capabilities are declared in documentation and align with code functionality.

技能名称media-generation

分析耗时44.8s

引擎pi

✓

可以安装

This skill is safe to use. No security concerns identified.

资源类型	声明权限	推断权限	状态	证据
文件系统	`WRITE`	`WRITE`	✓ 一致	SKILL.md:line 58-63 declares tmp/images/ and tmp/videos/ writes
网络访问	`READ`	`WRITE`	✓ 一致	SKILL.md:line 1 declares image/video generation; POST requests to provider APIs …
命令执行	`WRITE`	`WRITE`	✓ 一致	SKILL.md:line 1-13 describes scripts as 'bundled helpers' and 'functional helper…
环境变量	`READ`	`READ`	✓ 一致	SKILL.md:line 136-147 declares OPENCLAW_MEDIA_PROVIDER, OPENCLAW_MEDIA_*_MODEL e…
技能调用	`WRITE`	`WRITE`	✓ 一致	Scripts invoke each other via subprocess (e.g., mask_inpaint.py → edit_image.py)
剪贴板	`NONE`	`NONE`	—	No clipboard access found
浏览器	`NONE`	`NONE`	—	No browser access found
数据库	`NONE`	`NONE`	—	No database access found

目录结构

17 文件 · 100.0 KB · 2493 行

Python 13f · 2014L Markdown 4f · 479L

├─ ▾ 📁 references

│ ├─ 📝 batch-workflows.md Markdown 89L · 1.8 KB

│ ├─ 📝 model-capabilities.md Markdown 124L · 3.3 KB

│ └─ 📝 reference-image-workflow.md Markdown 70L · 2.6 KB

├─ ▾ 📁 scripts

│ ├─ 🐍 edit_image.py Python 149L · 6.1 KB

│ ├─ 🐍 fetch_generated_media.py Python 174L · 5.4 KB

│ ├─ 🐍 generate_batch_media.py Python 201L · 7.0 KB

│ ├─ 🐍 generate_consistent_media.py Python 9L · 258 B

│ ├─ 🐍 generate_image.py Python 156L · 6.1 KB

│ ├─ 🐍 generate_video.py Python 289L · 11.5 KB

│ ├─ 🐍 mask_inpaint.py Python 219L · 8.7 KB

│ ├─ 🐍 media_request_common.py Python 149L · 5.4 KB

│ ├─ 🐍 object_select_edit.py Python 116L · 4.9 KB

│ ├─ 🐍 outpaint_image.py Python 120L · 5.5 KB

│ ├─ 🐍 prepare_object_mask.py Python 99L · 3.6 KB

│ ├─ 🐍 reference_media.py Python 194L · 8.6 KB

│ └─ 🐍 smoke_test.py Python 139L · 10.2 KB

└─ 📝 SKILL.md Markdown 196L · 9.1 KB

依赖分析 2 项

包名	版本	来源	已知漏洞	备注
`requests`	`*`	pip	否	Version not pinned; widely-used library with known vulnerabilities in old versions
`Pillow`	`*`	pip	否	Version not pinned; image processing library

安全亮点

✓ All subprocess calls use list-based arguments, preventing command injection

✓ API keys are read from config file only and sent directly to declared provider endpoints

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)

✓ No base64-encoded execution or obfuscation techniques

✓ No curl|bash or wget|sh remote script execution

✓ No credential harvesting beyond legitimate API key reading from config

✓ No data exfiltration to external IPs beyond provider API calls

✓ Documentation accurately describes all capabilities and workflows

✓ Output files are restricted to tmp/images/ and tmp/videos/ directories

✓ No persistence mechanisms (cron, startup hooks) detected

✓ All media download functionality uses proper URL parsing and validation