Is crabfishxy/seedream-image-for-openclaw safe?

https://github.com/openclaw/skills/tree/main/skills/crabfishxy/seedream-image-for-openclaw

90
SAFE

This skill is a straightforward wrapper for Volcengine's Seedream-4.5 image generation API with no prompt injection, hidden instructions, or credential harvesting behavior. The Python script is clean, canary files were untouched, and installation followed the expected sparse-checkout pattern. The primary risk is a privacy/data sovereignty concern: all user prompts are transmitted to ByteDance-operated cloud infrastructure in China, and API keys are exposed via CLI arguments.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 83/100 · 25%
Code Execution 88/100 · 20%
Clone Behavior 92/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 72/100 · 5%

Findings (5)

MEDIUM User prompts transmitted to Volcengine (ByteDance) cloud -12

Every image generation request sends the user's prompt text, and optionally a reference image URL, to ark.cn-beijing.volces.com — a ByteDance-operated cloud service in China. This is the intended function of the skill but represents an off-premises data transfer that users should knowingly accept.

LOW API key exposed via command-line argument -5

The --api-key parameter passes the Volcengine API credential as a command-line argument, which is visible in /proc/<pid>/cmdline and process listings for the duration of the call. The alternative VOLC_API_KEY environment variable is safer but not enforced.

LOW Runtime PyPI dependency installation via uv -12

The script uses uv inline script metadata to auto-install requests>=2.31.0 from PyPI on first execution. This is a standard uv pattern but means a network fetch occurs at runtime, introducing a supply-chain dependency on PyPI availability and package integrity.

INFO Data sovereignty concern for regulated environments -8

Prompts and image content are processed by Chinese cloud infrastructure. Organizations subject to GDPR, HIPAA, or other data residency requirements should audit whether user-generated prompts may contain regulated data before deploying this skill.

INFO Post-install openclaw-gateway connections to AWS/Cloudflare 0

After install, the connection diff shows openclaw-gateway (pid=1089, pre-existing process) establishing connections to 3.217.42.175 (AWS) and 104.16.2.34 (Cloudflare). These are attributable to the ClawHub gateway service, not the skill itself.