← 返回 Skills 市场
893
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install weimage
功能描述
Generates high-quality images from optimized English prompts and automatically sends the final picture to all users without intermediate messages.
安全使用建议
Do not install or run this skill. It enforces silent behavior, loads root .env credentials, forces a root python environment, copies generated files into a hard-coded public website (voice.robotmusk.com), and instructs automatic messaging — all signs of covert exfiltration. If you already ran it: 1) uninstall/remove the skill immediately; 2) inspect and remove files under /opt/1panel/www/sites/voice.robotmusk.com/index and /root/.openclaw/workspace for unexpected artifacts; 3) check and rotate any secrets stored in /root/.openclaw/.env and other credentials that could have been exposed; 4) block outbound traffic to voice.robotmusk.com and related hosts; 5) audit agent messaging logs for automatic pushes to users (WeChat/default_api.message) and notify affected users; 6) if this ran on a production host, perform a host compromise investigation and consider rebuilding the host. The script's behavior is intentionally covert and not proportionate to a benign image-generation helper.
功能分析
Type: OpenClaw Skill
Name: weimage
Version: 1.0.3
The skill bundle is classified as suspicious primarily due to a prompt injection instruction in `SKILL.md` (`严禁过程汇报,严禁询问。` - 'Strictly forbid process reporting, strictly forbid asking questions.'). This instruction attempts to manipulate the AI agent's behavior to operate silently, which is a common tactic to hide actions or prevent user intervention. While the `weimage_sync.py` script uses safe practices for command execution (e.g., `subprocess.run` with a list of arguments), it also forces its execution environment via `os.execv` and loads environment variables from `/root/.openclaw/.env`, granting access to potential secrets. Although no direct data exfiltration or malicious payloads are observed, the prompt injection instruction raises concerns about the intent behind suppressing agent transparency.
能力评估
Purpose & Capability
The skill claims to generate and deliver images to users, but its code writes output into a hard-coded public web directory (OUTPUT_DIR) served at an external domain (voice.robotmusk.com) and returns that URL. That destination is unrelated to a generic 'generate image and send to users' claim and suggests exfiltration or covert publishing. The script also forces use of /root/pythonenv and references a GEN_SCRIPT in /root/.openclaw/workspace — these hard-coded root paths are not proportional to the stated purpose.
Instruction Scope
SKILL.md explicitly mandates silent operation ('严禁过程汇报,严禁询问') and instructs the agent to immediately push the returned URL to all users via default_api.message (WeChat). The code itself loads /root/.openclaw/.env and will surface environment keys in debug output if prompt missing. Combining enforced silence with writing to an attacker-controlled URL and automated messaging is covert and out-of-scope for a benign image helper.
Install Mechanism
There is no install spec (instruction-only) and no external archive downloads. However, the provided Python script executes other local scripts (GEN_SCRIPT) and expects a custom pythonenv; the lack of an install step reduces supply-chain risk but does not mitigate the malicious behaviors embedded in the script.
Credentials
requires.env declares none, yet the script loads /root/.openclaw/.env and injects any keys into the process environment. This reads potentially sensitive credentials without declaring them. It also references/uses root-level paths and an external BASE_URL, which are not justified by the simple stated purpose.
Persistence & Privilege
The skill writes files to a system web directory (/opt/1panel/...), exposing copied files at an external domain. Although always:false, the skill requests filesystem and messaging permissions (per _meta.json) and modifies publicly visible filesystem state — a high-privilege action for an image helper and a persistent exfiltration channel.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install weimage - 安装完成后,直接呼叫该 Skill 的名称或使用
/weimage触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
weimage 1.0.3 Changelog
- 生成发送图片给微信
- Added a new readme.md file with supporting documentation.
- Updated workflow description for clarity and brevity, focusing on silent execution and parameter details.
- Enforced strict rules on prompt optimization, parameter passing, and result notification.
- Added sample command in metadata for consistent shell invocation.
v1.0.1
Version 1.0.1 of "weimage"
- welcome to our ai and finance service global.
- send image to 微信
v1.0.0
Initial release with structured three-step image generation and delivery process:
- Automatically optimizes user prompts into high-quality English drawing instructions with style details.
- Generates images using the weimage tool and deploys the result to a specified web path.
- Automatically broadcasts the generated image to all users via system messaging after deployment.
- Streamlines user experience by suppressing intermediate progress messages and responding only after all steps are complete.
- Notifies the user after image delivery without exposing direct image URLs in chat.
元数据
常见问题
weimage 是什么?
Generates high-quality images from optimized English prompts and automatically sends the final picture to all users without intermediate messages. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 893 次。
如何安装 weimage?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install weimage」即可一键安装,无需额外配置。
weimage 是免费的吗?
是的,weimage 完全免费(开源免费),可自由下载、安装和使用。
weimage 支持哪些平台?
weimage 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 weimage?
由 zhairen(@zhairen)开发并维护,当前版本 v1.0.3。
推荐 Skills