Wip Grok

xAI Grok API. Search the web, search X, generate images, generate video.

Before installing, be aware of these points: - The skill requires an xAI API key (XAI_API_KEY) even though the registry metadata claims none; SKILL.md and core.mjs will fail without it. - core.mjs will try to read the key from 1Password using the 'op' CLI (execSync). That means the skill runs a shell command; ensure you trust the code and have the op CLI configured if you want that behavior. - The edit_image and image-to-video flows accept local file paths and will read and base64-encode files (readFileSync) and send them to the external x.ai service. Do not pass paths to sensitive local files (password stores, private keys, configuration files) — supplying such paths would leak their contents to the external API. - package.json does not list the MCP SDK dependencies that mcp-server.mjs imports; this is an operational inconsistency (you may need to install those packages or run the MCP server in an environment that already provides them). - If you plan to allow autonomous agent invocation, be cautious: an autonomous agent could be tricked into passing local file paths or otherwise invoking edit_image/video with data that results in sensitive data being uploaded. Recommendations: - Only install/run this skill from a trusted source and review the code (core.mjs, mcp-server.mjs) yourself. - If you don't want 1Password CLI access, set XAI_API_KEY explicitly in the environment and/or remove/modify the op read fallback. - Restrict agent inputs so it cannot supply arbitrary local file paths to edit_image or generate_video image seeds. - Consider running the MCP server in a sandboxed environment or container to limit filesystem access if you need the MCP interface.

Type: OpenClaw Skill Name: wip-grok Version: 1.0.2 The skill is classified as suspicious due to critical vulnerabilities that could be exploited for data exfiltration and arbitrary file writes. The `core.mjs` file's `edit_image` function uses `readFileSync` on the `image` parameter if it's not an HTTP or data URI, allowing an attacker to read arbitrary local files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) and send their base64-encoded content to the xAI API. Additionally, the `cli.mjs` file's `--output` flag for media generation uses `writeFileSync` without path sanitization, enabling arbitrary file writes. These are severe vulnerabilities, but there is no clear evidence of intentional malicious behavior by the skill itself.