← Back to Skills Marketplace

Fast Image

Name: Fast Image
Author: deadlining

by DeadLining · GitHub ↗ · v1.0.2 · MIT-0

cross-platform ⚠ suspicious

437

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install fast-image

Description

Quickly send local images to channel. Auto-compress large images, copy small images directly.

README (SKILL.md)

fast-image

Quickly send local images to specified channel. Auto-handles image copy/compress and send.

Usage

node {baseDir}/send_image.mjs "\x3Cimage_path>" \x3Cchannel> \x3Ctarget> [message]

Parameters

Parameter	Description	Required
`image_path`	Full path to image	Yes
`channel`	Target channel name	Yes
`target`	Target user/group	Yes
`message`	Optional message	No

Features

Image processing
- File \x3C 10MB: Copy directly to ~/.openclaw/media/browser/
- File >= 10MB: Compress with sharp then copy
Send: Use openclaw message send --media to send
Cleanup: Auto-delete temp file after sending

Examples

node {baseDir}/send_image.mjs "~/Pictures/photo.png" telegram @chatname
node {baseDir}/send_image.mjs "~/Downloads/large.jpg" telegram @chatname "landscape"

Dependencies

Node.js
sharp: npm install sharp
openclaw CLI

Usage Guidance

This skill appears to do what it says: compress or copy a local image then call your openclaw CLI to send it. Before installing/using: 1) Ensure you have the openclaw CLI and the sharp Node package installed. 2) Be aware of two implementation issues you may want to fix: the script uses the literal path "~/.openclaw/..." instead of expanding ~ to the home directory (so it may create a directory named "~" instead of using your home), and it spawns the openclaw command with shell: true and unescaped arguments — if you or another agent can pass untrusted file paths, that could permit shell injection. 3) Confirm you're comfortable with the script deleting the temporary file after sending (it skips deletion for channel 'qqbot'). If you want to harden it, update TMP_DIR to use os.homedir(), and invoke the CLI with spawn/execFile without shell or ensure arguments are safely escaped.

Capability Analysis

Type: OpenClaw Skill Name: fast-image Version: 1.0.2 The skill `fast-image` is classified as suspicious due to a shell injection vulnerability in `send_image.mjs`, where `child_process.spawn` is invoked with `shell: true` using unsanitized user-provided arguments. This allows for arbitrary command execution if parameters such as `target` or `message` contain shell metacharacters. Additionally, the script lacks path validation for the `image_path` parameter, which could be exploited to read and exfiltrate sensitive local files.

Capability Assessment

✓ Purpose & Capability

Name/description, SKILL.md, and the bundled send_image.mjs are consistent: the script copies or compresses a local image and invokes the openclaw CLI to send it. Declared dependencies (Node, sharp, openclaw CLI) match the implemented behavior.

ℹ Instruction Scope

The runtime instructions operate only on the provided image path, a temporary media directory, and the openclaw CLI. Two implementation notes: the TMP_DIR is set to the literal string "~/.openclaw/media/browser/" (the script does not expand '~' to the user's home directory), which is likely a bug/behavior mismatch; and spawn(...) is invoked with shell: true and unescaped arguments, which could allow shell injection if an untrusted actor supplies a crafted image path. The script otherwise does not read unrelated files or env vars.

✓ Install Mechanism

This is instruction-only with one bundled JS file and no install spec; nothing is downloaded or written by an installer. The script requires the sharp package and the external openclaw CLI but does not automatically fetch them.

✓ Credentials

No environment variables, credentials, or config paths are requested. The resources accessed (local image and a local/openclaw media directory) are proportional to the stated task.

✓ Persistence & Privilege

The skill does not request persistent/always-on privileges, does not modify other skills, and does not alter system-wide configuration. It only runs the included script when invoked.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install fast-image
After installation, invoke the skill by name or use /fast-image
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.2

No changes detected in this version. - No file or documentation updates were made for version 1.0.2. - 飞书不支持/var/tmp

v1.0.1

- Maintenance release with no user-facing changes. - Internal file modifications only; documentation and features remain unchanged.

v1.0.0

fast-image 1.0.0 - Initial release. - Send local images to specified channel & user/group. - Automatically compress images ≥10MB; copy smaller images directly. - Supports optional message along with image. - Automatic cleanup of temporary files after sending. - Requires Node.js, sharp, and openclaw CLI.

Metadata

Slug fast-image

Version 1.0.2

License MIT-0

All-time Installs 1

Active Installs 1

Total Versions 3

Frequently Asked Questions

What is Fast Image?

Quickly send local images to channel. Auto-compress large images, copy small images directly. It is an AI Agent Skill for Claude Code / OpenClaw, with 437 downloads so far.

How do I install Fast Image?

Run "/install fast-image" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Fast Image free?

Yes, Fast Image is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Fast Image support?

Fast Image is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Fast Image?

It is built and maintained by DeadLining (@deadlining); the current version is v1.0.2.

More Skills