ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bird Recognition Tool | 鸟类识别工具

v1.0.0

Identifies bird species in images/videos of target areas. Supports recognition of no less than 500 common bird species, supports customized model training, s...

0· 32·0 current·0 all-time
bysmyx-skills@18072937735
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (bird recognition) is broadly consistent with scripts/bird_recognition_analysis.py and related skill logic that call an external AI analysis API. However the package includes a large shared 'smyx_common' module, a complete 'face_analysis' skill (TCM face-diagnosis), and many utilities that are not strictly necessary for a simple wrapper that calls a remote bird-recognition API. This is plausibly a shared platform SDK but is unexpected and increases the skill footprint.
!
Instruction Scope
SKILL.md enforces strict runtime rules (must locate open-id via specific config files, forbid reading local memory files, auto-save uploaded attachments, always fetch history from cloud API). The code does perform API calls and supports listing history, but there are inconsistencies: SKILL.md promises automatic saving of attachments to an attachments directory (I did not find code that implements that exact behavior), and the skill forbids using local 'memory' yet the included smyx_common DAO and config code will create/read local SQLite under the workspace/data path and reads config YAML files inside the skill/workspace. The instructions direct the agent to read local config files and environment (OPENCLAW_WORKSPACE path) — this is broader than the declared metadata (which listed no config paths or env vars).
Install Mechanism
No install spec is declared (instruction-only), which reduces installation risk. However the bundle contains requirements files (skills/smyx_common/requirements.txt and face_analysis requirements) that list a very large set of dependencies. Although nothing in the registry forces automatic installation, if a runtime were to install those packages they are extensive and include network-enabled libraries. No external download URLs or extract/install steps were observed.
!
Credentials
Registry metadata declares no required env vars/credentials, but SKILL.md and included code read config yaml files and environment variables (OPENCLAW_WORKSPACE, OPENCLAW_SENDER_OPEN_ID, FEISHU_OPEN_ID) and may use an API key configured in skills/smyx_common/scripts/config.yaml. The skill will call external endpoints (config defaults point at lifeemergence.com) and will construct report export URLs to those domains. Asking the agent to find/require an 'open-id' from local config or request it from the user is legitimate for logging, but the manifest does not declare these access needs; the code also creates/uses a local SQLite DB under workspace/data which implies persistent local storage. This gap between declared and actual environment/credential access is a proportionality concern.
Persistence & Privilege
The skill is not always:true and does not request elevated system privileges, but the included smyx_common DAO writes/reads a SQLite DB into the workspace/data directory and the SKILL.md instructs saving uploaded attachments to the skill's attachments directory. The skill will therefore persist data in the agent workspace. It does not appear to alter other skills' configs, but it does read workspace-level config files.
What to consider before installing
This skill is not an outright exploit, but several mismatches increase risk. Before installing or enabling it: - Verify the API endpoints: the bundled config defaults point to lifeemergence.com; if you don't trust that service, do not pass API keys or open-ids. - Do not provide sensitive credentials or production open-ids without reviewing where they are stored (skills/smyx_common/scripts/config.yaml and workspace-level config files). The skill expects an 'open-id' and will try to read workspace config files and environment variables. - Expect local persistence: the skill includes code that writes a SQLite DB to the workspace/data directory and may save attachments. If you need isolation, run it in a sandboxed workspace. - Review included files (smyx_common and face_analysis) — they expand the attack surface and are not strictly required for a minimal bird-recognition wrapper. If you only want image-to-API behavior, consider a slimmer alternative or extract/inspect the specific API-calling logic. - If you proceed, monitor network traffic and filesystem writes (where report export URLs point, what files are created), and avoid supplying secrets until you confirm where they are sent. If you want, I can: list the exact places the code reads/writes files and which environment variables it consults, or point out the exact lines that construct external URLs and local DB paths.
!
skills/smyx_common/scripts/config-dev.yaml:2
Install source points to URL shortener or raw IP.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk97184h87k1k3kneb41rekmr3s84tsh9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments