Skill v3.0.2

ClawScan security

calorie1-detective-v3 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 3, 2026, 4:03 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill appears to implement the stated photo → calorie workflow, but there are inconsistencies (it reads API keys and local config files that were not declared in the metadata) and some surprising behaviors you should review before installing.
Guidance
This skill's behavior mostly matches its description, but it reads local config files and environment variables for API keys even though the metadata declared none. Before installing:
1. Inspect config/config.yaml and add or remove secrets only intentionally (prefer env vars to checked-in config files).
2. Do not put sensitive credentials in config/config.local.yaml unless you trust the skill and host.
3. Note that the skill will send images (base64) to https://api.moonshot.cn/v1/chat/completions (Kimi) or other configured provider endpoints; confirm you are comfortable with that network traffic.
4. Run the code in a sandbox, or with non-production keys, first and review data/calorie.log for what is written.
5. If you want to limit exposure, set provider to 'local' and avoid providing API keys so the skill uses its built-in database only.

Review Dimensions

Purpose & Capability
note: The code, config, and SKILL.md align with the stated purpose (image recognition via a vision API + local nutrition DB). Optional support for multiple providers (Kimi, OpenAI, Nutritionix, FatSecret) is reasonable for a flexible tool. However, the package metadata declared no required environment variables/credentials while the code expects/reads API keys (e.g., KIMI_API_KEY, USER_KIMI_API_KEY, OPENAI_API_KEY, NUTRITIONIX keys) and a local config file — this mismatch is noteworthy.
Instruction Scope
concern: Runtime instructions and shipped scripts (run.sh, test.sh) simply run the Python calculator, but the Python code will load config/config.local.yaml if present, read environment variables for API keys, and write logs to data/calorie.log. The SKILL.md and metadata do not explicitly call out those file reads/writes or all env-vars the code may consult, giving the agent more filesystem and network access than the metadata implies.
Install Mechanism
ok: There is no install spec (instruction-only install), and dependencies are declared in requirements.txt. No external downloads or obscure installers are used. Risk from installation is low, but running the included Python code will perform network calls.
Credentials
concern: The code uses multiple optional API keys and environment variables (KIMI_API_KEY, USER_KIMI_API_KEY, OPENAI_API_KEY, NUTRITIONIX_APP_ID/KEY, FATSECRET_KEY) and will prefer a local config file if present. While these are plausible for supporting different providers, the registry metadata declares no required secrets and no primary credential — that under-declaration reduces transparency and may cause accidental credential exposure if a user places secrets in config files or env variables without realizing the skill will read them.
Persistence & Privilege
ok: The skill does not request always:true, does not modify other skills, and only writes a local log file (data/calorie.log). It can make outbound network requests to the configured vision API endpoint but does not request elevated platform privileges.