Skill v2.0.0
ClawScan security
BizyAir GPT_IMAGE_2 API 出图 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 30, 2026, 7:21 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's behavior (two included shell scripts that require a BIZYAIR_API_KEY and call api.bizyair.cn) matches its image-generation description, but the registry metadata omits the required credential and the scripts print part of the API key. These inconsistencies warrant caution.
- Guidance: This skill appears to implement an image-generation client for BizyAir and requires you to set BIZYAIR_API_KEY, but the registry metadata incorrectly omits that requirement; ask the publisher to correct the metadata before installation. Verify that you trust the api.bizyair.cn domain and the skill owner (no homepage is provided). Be aware that the scripts print the first 8 characters of your API key to the console (which can leak in logs); avoid running them in environments where logs are exposed, or modify the print statement before use. Consider running the scripts in an isolated environment first and confirm that network traffic goes only to the expected BizyAir endpoint. If you need higher assurance, request signed source or an official package from the provider and validation of the web_app_id values used in the payloads.
Review Dimensions
- Purpose & Capability (concern): The skill is an image-generation tool, and the scripts legitimately require a BizyAir API key and call https://api.bizyair.cn, which fits the described purpose. However, the registry metadata claims no required env vars or primary credential while SKILL.md and both scripts clearly require BIZYAIR_API_KEY; this mismatch is incoherent and should be clarified.
- Instruction Scope (note): SKILL.md and the scripts remain within the stated scope: they build API requests, wait for results, download returned images into a local 'pic' folder, and open previews on macOS. A minor scope note: both scripts print the first 8 characters of the API key to stdout, which leaks a partial secret to logs/console.
- Install Mechanism (ok): There is no install spec (scripts are bundled and run directly). This is low-risk compared with remote downloads. The included .claude/settings.local.json grants a permissive Bash(chmod +x *) entry, which is consistent with running included shell scripts but should be expected when installing script-based skills.
- Credentials (concern): Only one credential (BIZYAIR_API_KEY) is used by the scripts, which is proportionate to an API-based image generator. The concern is the published registry metadata listing 'Required env vars: none' and 'Primary credential: none' while the bundle actually requires a secret. This mismatch reduces transparency and is a potential security/operational gotcha.
- Persistence & Privilege (ok): The skill does not request always:true and does not modify other skills or system-wide settings. It writes output only to a local 'pic' directory and does not persist credentials itself; autonomy settings are default. The .claude permission to chmod shipped files is expected for bundled shell scripts.
