Skill v1.0.0

ClawScan security

WaveSpeedAI Wan 2.2 Animate Character Animation & Swap · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 3, 2026, 7:33 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The SKILL.md describes a coherent WaveSpeed animate/replace workflow, but the skill metadata omits the required API key and other provenance, which is an inconsistency users should understand before installing.
Guidance
This skill appears to implement the described WaveSpeed animate/replace functions, but the SKILL.md requires a WAVESPEED_API_KEY while the registry metadata lists no required environment variables or primary credential. Before installing: (1) confirm the provider's identity and website (wavespeed.ai) and that you trust them; (2) do not paste your API key into public code—use environment variables or a secrets manager; (3) ask the publisher to update the registry metadata to declare WAVESPEED_API_KEY as a required credential so the platform can surface the secret request transparently; (4) be aware the skill examples upload local files or accept URLs—only supply media you permit the skill to upload; and (5) if you cannot verify the owner/source (homepage/source code absent), consider not installing or requesting more provenance. If the metadata is corrected to declare the API key, the skill would be more coherent; as-is, the omission is a red flag.

Review Dimensions

Purpose & Capability
concern: The skill's description and runtime instructions match (upload an image/video and call wavespeed.run to animate or replace). However, the SKILL.md requires a WAVESPEED_API_KEY for authentication while the registry metadata lists no required environment variables or primary credential. That mismatch is unexpected and reduces transparency about what secrets this skill needs.
Instruction Scope
note: Instructions stay within the stated purpose (upload media and call the WaveSpeed model). They show examples that upload local file paths and pass URLs to the API. This implies the agent (or user) will provide local files or external URLs; the doc warns against arbitrary URLs. There are no instructions that read unrelated system files or exfiltrate other data.
Install Mechanism
ok: This is an instruction-only skill with no install spec or code files, so nothing is written to disk by the skill itself. That is the lowest-risk install mechanism.
Credentials
concern: The SKILL.md explicitly requires WAVESPEED_API_KEY (sensitive credential) but the skill metadata declares no required env vars or primary credential. The lack of declared credentials in registry metadata is disproportionate to the instruction's actual need and reduces the user's ability to audit secrets requested by the skill.
Persistence & Privilege
ok: The skill is not always-enabled and does not request persistent system presence. Autonomous invocation is allowed (platform default) but is not combined here with any other high-risk privileges.