stella-selfie Security Report — Trusted | ClawSafe

5 /100

stella-selfie

Generate persona-consistent selfie images using AI providers and send to OpenClaw channels

Legitimate image generation skill with proper capability declarations. The flagged base64 operations are standard API response decoding for image data, not code obfuscation.

Skill Namestella-selfie

Duration49.3s

Enginepi

✓

Safe to install

Skill is safe to use. No security concerns identified.

Findings 1 items

Severity	Finding	Location
Low	Minor capability over-declaration Bash permissions declare npm:, node:, and openclaw:, but only openclaw CLI is actually executed. This is a minor documentation imprecision without security impact. `allowed-tools: Bash(npm:) Bash(node:) Bash(openclaw:) Read Write` → Consider narrowing to just Bash(openclaw:*) for clarity, or document why npm and node access is needed.	`SKILL.md:7`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ,WRITE`	`READ,WRITE`	✓ Aligned	SKILL.md, scripts/skill.ts:117 - reads IDENTITY.md, avatars; writes to ~/.opencl…
Network	`READ`	`READ`	✓ Aligned	SKILL.md line 166 - calls Google Gemini API, fal API, laozhang.ai API
Shell	`WRITE`	`WRITE`	✓ Aligned	scripts/sender.ts:51 - executes openclaw message send CLI
Environment	`READ`	`READ`	✓ Aligned	GEMINI_API_KEY, FAL_KEY, LAOZHANG_API_KEY - all declared in SKILL.md metadata

2 Critical 6 findings

🔒

Critical Encoded Execution Base64 编码执行（代码混淆）

Buffer.from(blob.data, "base64"

scripts/providers/gemini.ts:198

🔒

Critical Encoded Execution Base64 编码执行（代码混淆）

Buffer.from(raw, "base64"

scripts/providers/laozhang.ts:227

🔗

Medium External URL 外部 URL

https://api.laozhang.ai

SKILL.md:166

🔗

Medium External URL 外部 URL

https://cdn.example.com/ref1.jpg

SKILL.md:232

🔗

Medium External URL 外部 URL

https://cdn.example.com/ref2.jpg

SKILL.md:232

🔗

Medium External URL 外部 URL

https://api.laozhang.ai/v1beta/models

scripts/providers/laozhang.ts:6

File Tree

12 files · 79.5 KB · 2381 lines

TypeScript 8f · 1801L Markdown 2f · 520L JSON 2f · 60L

├─ ▾ 📁 references

│ └─ 📝 timeline-integration.md Markdown 262L · 11.3 KB

├─ ▾ 📁 scripts

│ ├─ ▾ 📁 providers

│ │ ├─ 📜 fal.ts TypeScript 120L · 3.2 KB

│ │ ├─ 📜 gemini.ts TypeScript 225L · 6.3 KB

│ │ └─ 📜 laozhang.ts TypeScript 251L · 6.4 KB

│ ├─ 📜 avatars.ts TypeScript 129L · 3.7 KB

│ ├─ 📜 errors.ts TypeScript 635L · 20.0 KB

│ ├─ 📜 identity.ts TypeScript 79L · 2.3 KB

│ ├─ 📜 sender.ts TypeScript 73L · 1.9 KB

│ └─ 📜 skill.ts TypeScript 289L · 9.3 KB

├─ 📋 package.json JSON 41L · 1.1 KB

├─ 📝 SKILL.md Markdown 258L · 13.5 KB

└─ 📋 tsconfig.json JSON 19L · 478 B

Dependencies 2 items

Package	Version	Source	Known Vulns	Notes
`@google/genai`	`^0.7.0`	npm	No	Official Google SDK
`@fal-ai/client`	`^1.2.0`	npm	No	Official fal.ai SDK

Security Positives

✓ All API calls documented with data flow in SKILL.md External Endpoints section

✓ Credential requirements explicitly declared in metadata.openclaw.requires.env

✓ No credential harvesting or exfiltration detected

✓ Base64 operations are standard image decoding from typed API responses, not code obfuscation

✓ Filesystem writes are scoped to designated workspace directory ~/.openclaw/workspace/

✓ No remote script execution (curl|bash patterns)

✓ No sensitive path access (~/.ssh, ~/.aws, .env)

✓ Shell execution limited to OpenClaw CLI for message delivery only

Scan Report

Findings 1 items

File Tree

Dependencies 2 items

Security Positives