Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sih.AI Photo Changer

v1.0.3

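AI image generation and editing tool that uses the Sih.AI API for natural-language-driven image processing. Supports outfit changes, background replacement, face swapping, style conversion (anime/clay/oil painting, etc.), beautification and retouching. Use this skill when the user wants to edit an image through a natural-language description (e.g. "change the outfit to a bikini", "change the background to a beach", "convert to anime style").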

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The code and SKILL.md implement image editing via a remote API, which matches the described purpose. However the script calls https://api.vwu.ai while the description refers to 'Sih.AI', and a bearer token is embedded in the code rather than declared as a user-provided credential. That mismatch and embedded credential are unexpected for a simple integration.
Instruction Scope
SKILL.md instructs the user to run scripts/image_gen.py and describes converting local files to Base64 and calling an API, but it does not name the actual API host or reveal that local images will be uploaded to an external service using a hard-coded token. Transmitting local image files (including potentially sensitive images) to an undocumented external endpoint is a privacy risk and should be disclosed explicitly.
Install Mechanism
There is no install spec (instruction-only skill with an included script). That minimizes install risk. The script requires the 'requests' library but no installation instructions are provided — minor usability issue but not a direct security problem.
Credentials
The skill requests no environment variables, yet the script contains a hard-coded API token (API_TOKEN = "sk-..."). A legitimate design would require the user to supply their own API key via an env var or config; embedding someone else's secret in code is disproportionate and suspicious because it gives the remote service access to all images processed and could allow abuse of that account.
Persistence & Privilege
The skill is not 'always' and does not request system-wide privileges. However, because it can be invoked normally by the agent, autonomous invocation would allow the agent to send images to the remote endpoint using the embedded token. Autonomous invocation combined with the hard-coded credential increases the blast radius and privacy risk.
Scan Findings in Context
[hardcoded_api_token_in_code] unexpected: The script contains a bearer token literal (API_TOKEN = "sk-w4YfLv..."). For an image-editing client, user-supplied credentials via env/config should be expected; a hard-coded key is unexpected and risky.
[undisclosed_remote_endpoint] unexpected: SKILL.md does not disclose the endpoint used. The code posts images to https://api.vwu.ai/v1/images/generations/, which is not documented in the human-readable instructions and may not match the 'Sih.AI' branding in the description.
What to consider before installing
This skill will upload images (including local files you point it at) to a third-party service using an API key embedded in the script. Consider the following before installing or running it:
- Do not run the script with sensitive or private images until you confirm where data is sent and who controls the API account. The embedded key means images will be processed under someone else's account.
- Ask the maintainer to remove the hard-coded API token and require users to provide their own key (e.g., via an environment variable). Preferably, the SKILL.md should document the exact API host and data handling/privacy behavior.
- If you already ran the script with your images, assume those images were transmitted to api.vwu.ai and review privacy implications. If you are the owner of the exposed token, rotate it immediately; if not, notify the service owner.
- If you need this functionality but want to avoid third-party exposure, request a version that uses a user-provided API key and clearly documents where data is sent and retained.
Given the hard-coded credential and lack of endpoint disclosure, treat this skill as suspicious and proceed only after the maintainer addresses these issues.
