ClawHub

volc-vision

v0.1.0

使用火山引擎 ARK API 做图片理解、图片描述、视觉问答与图像分析。适用于用户发来图片并询问“这是什么”“图里有什么”“帮我看下这张图”“描述一下图片内容”“识别图片中的信息”等场景,也适用于需要对本地图片、图片 URL 或 base64 图片做理解和问答时。

0· 155·0 current·0 all-time
by@big-dust
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binary (node), and required env var (ARK_API_KEY) align with a tool that calls an external vision API. The code uses the ARK API key to authenticate requests to an ARK endpoint, which is expected for this purpose.
Instruction Scope
SKILL.md and index.js instruct reading images from local paths, URLs, or data URLs and sending them (as base64 data URLs) to the external ARK API. That is necessary for the stated purpose, but it means any local file path passed to the skill will be read and transmitted externally — a privacy/exfiltration risk if sensitive files are supplied.
Install Mechanism
No install spec; this is instruction + a single Node script. The only runtime requirement is node on PATH. Nothing is downloaded or written to disk by an installer step.
Credentials
Only ARK_API_KEY (primary credential) is required, which is proportionate to calling an authenticated external API. The code uses that key in an Authorization header as expected. No unrelated secrets or config paths are requested.
Persistence & Privilege
Skill is not always-enabled and does not request elevated platform privileges or modify other skills. It does not persist credentials itself. Autonomous invocation is allowed (platform default) but not combined with other concerning privileges.
Assessment
This skill is coherent with its stated purpose, but be aware it will send any image you pass (including local files) to an external ARK service using the ARK_API_KEY. Only provide non-sensitive images and only supply an API key you trust to be used with that external service. Verify the API hostname and your operator's policy for sending images to third-party APIs before installing. If you need to restrict uploads, avoid passing arbitrary filesystem paths or base64 of sensitive content to the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk9724kyp44tt9w4yzw974fwghh83g7dk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🖼️ Clawdis
Binsnode
EnvARK_API_KEY
Primary envARK_API_KEY

Comments