Skills
skills/wulaosiji/skills/clawra-selfie/Gen Agent Trust Hub

clawra-selfie

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill documentation includes multiple examples of sexually suggestive prompts (e.g., 'towel wrapped around body', 'towel slightly slipping', 'seductive expression') intended to generate borderline content.
  • [PROMPT_INJECTION]: The skill processes untrusted user input from the command line and API calls without sanitization or boundary markers.
  • Ingestion points: The --prompt argument in main() and the prompt parameter in generate_with_prompt() within scripts/clawra_selfie.py.
  • Boundary markers: No delimiters or safety instructions are used when interpolating the user prompt into the API request payload.
  • Capability inventory: The skill uses requests.post to send the prompt to api.wavespeed.ai in the call_grok_edit function.
  • Sanitization: There is no validation or filtering of the user-provided prompt string before it is transmitted to the external image generation service.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 8, 2026, 02:24 AM