Skills
skills/openclaw/skills/og-image-design/Gen Agent Trust Hub

og-image-design

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • Remote Code Execution (CRITICAL): The skill utilizes a highly dangerous execution pattern: curl -fsSL https://cli.inference.sh | sh. This command downloads a script from the internet and executes it immediately with shell privileges.
  • External Downloads (HIGH): The domain cli.inference.sh is not among the verified trusted sources. Fetching and executing code from unverified third-party domains poses a severe security risk.
  • Command Execution (HIGH): By piping remote content to sh, the skill allows an external entity to run arbitrary commands on the user's machine, which can lead to data exfiltration, malware installation, or persistence.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 19, 2026, 09:09 AM