Skill v1.0.6
ClawScan security
seedream(doubao)-image-generation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 17, 2026, 8:15 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill mostly does what it says (it wraps Volcengine Seedream image generation) but contains a few inconsistencies and minor issues you should review before use: an environment-variable metadata mismatch, a likely Python bug, and the fact that the scripts read local files and upload them to a remote API.
- Guidance
- This skill appears to implement a legitimate wrapper for Volcengine Seedream, but review and precautions are recommended before use: 1) Correct the metadata mismatch — SEEDREAM_BASE_URL is optional in code but listed as required in metadata. 2) Inspect the scripts locally (they will read any local image path you pass and upload its base64 encoding to the remote API). Do not pass sensitive file paths. 3) Note a likely bug/partial truncation in the Python entrypoint (an undefined or truncated variable near the end) — test the script in a safe environment first. 4) Use a dedicated API key with limited scope, avoid placing a broad-scoped SEEDREAM_API_KEY in a shared environment, and rotate the key if you suspect misuse. 5) If you need higher assurance, run the scripts in an isolated/sandboxed environment and confirm that the base URL is the official Volcengine endpoint before sending data.
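Points 2 and 5 of the guidance above (only upload files you meant to, and confirm the endpoint before sending anything) can be enforced in code rather than by habit. The following pre-flight guard is an added example written for this review; it is not code from the seedream(doubao)-image-generation skill or from ClawHub. The default endpoint, the `volces.com` host allowlist, the 10 MiB size cap and all function names are assumptions chosen for illustration; adjust them to what the skill's own scripts actually default to.

```python
"""Pre-flight guard for a Seedream-style image-upload wrapper (illustrative)."""
import base64
import os
import tempfile
from pathlib import Path
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

# Assumption: the scripts' built-in default endpoint. Replace with the real one
# from the skill's code when wiring this guard in.
DEFAULT_BASE_URL = "https://ark.cn-beijing.volces.com/api/v3"
# Assumption: every legitimate Seedream endpoint lives under this DNS suffix.
ALLOWED_HOST_SUFFIXES = ("volces.com",)
# Assumption: an upper bound on what the API accepts; keeps a stray large file
# (a database dump renamed .png, say) from going out.
MAX_IMAGE_BYTES = 10 * 1024 * 1024

# Magic bytes for the two formats an I2I request would reasonably carry.
_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
}


def resolve_base_url(env: Optional[Dict[str, str]] = None) -> str:
    """Return the endpoint to use: SEEDREAM_BASE_URL if set, else the default.

    Unlike a plain `os.environ.get(...)`, this refuses http:// and any host that
    is not the allowed endpoint, so a poisoned shell profile or .env file cannot
    redirect uploads (image bytes plus API key) to an attacker-controlled server.
    """
    env = dict(os.environ) if env is None else env
    url = env.get("SEEDREAM_BASE_URL") or DEFAULT_BASE_URL
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError(f"refusing non-https base URL: {url}")
    host = parts.hostname or ""
    if not any(host == s or host.endswith("." + s) for s in ALLOWED_HOST_SUFFIXES):
        raise ValueError(f"base URL host {host!r} is not an allowed endpoint")
    return url


def sniff_mime(data: bytes) -> Optional[str]:
    """Identify PNG/JPEG by magic bytes; extensions are not trusted."""
    for magic, mime in _MAGIC.items():
        if data.startswith(magic):
            return mime
    return None


def load_image_for_upload(path: str, allowed_dir: str) -> Tuple[str, str]:
    """Read an image only if it lives under allowed_dir and really is an image.

    Symlinks are resolved before the containment check, so a link inside
    allowed_dir pointing at ~/.ssh/id_rsa is rejected. Returns (mime, base64).
    """
    root = Path(allowed_dir).resolve()
    target = Path(path).resolve()
    if root not in target.parents:
        raise PermissionError(f"{path} is outside the allowed upload directory {root}")
    if not target.is_file():
        raise FileNotFoundError(path)
    size = target.stat().st_size
    if size > MAX_IMAGE_BYTES:
        raise ValueError(f"{path} is {size} bytes, over the {MAX_IMAGE_BYTES}-byte cap")
    data = target.read_bytes()
    mime = sniff_mime(data)
    if mime is None:
        raise ValueError(f"{path} is not a PNG or JPEG; refusing to upload it")
    return mime, base64.b64encode(data).decode("ascii")


def run_demo() -> Dict[str, str]:
    """Exercise the guard on constructed sample files and report each outcome."""
    results: Dict[str, str] = {}
    with tempfile.TemporaryDirectory() as tmp:
        inbox = Path(tmp, "inbox")
        inbox.mkdir()
        good = inbox / "sketch.png"
        good.write_bytes(b"\x89PNG\r\n\x1a\n" + bytes(32))  # constructed PNG header
        not_image = inbox / "notes.txt"
        not_image.write_text("SEEDREAM_API_KEY=... (constructed secret)")
        outside = Path(tmp, "private.jpg")
        outside.write_bytes(b"\xff\xd8\xff" + bytes(8))  # valid JPEG magic, wrong dir
        for label, p in (("good", good), ("not_image", not_image), ("outside", outside)):
            try:
                mime, _payload = load_image_for_upload(str(p), str(inbox))
                results[label] = mime
            except (PermissionError, ValueError) as exc:
                results[label] = type(exc).__name__
    return results


if __name__ == "__main__":
    print("endpoint:", resolve_base_url())
    print(run_demo())
```

Wiring `resolve_base_url()` and `load_image_for_upload()` in front of the existing wrapper's request code keeps the skill's behaviour (optional SEEDREAM_BASE_URL with a default, local image read and base64-encoded) while making the two failure modes the review flags, an unexpected endpoint and an unintended file, fail closed instead of silently succeeding.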
Review Dimensions
- Purpose & Capability
- note: The declared requirements (SEEDREAM_API_KEY and SEEDREAM_BASE_URL) and the included Python/JS wrappers align with the stated purpose of calling Volcengine Seedream for T2I/I2I. Minor incoherence: the registry metadata and SKILL.md list SEEDREAM_BASE_URL as a required env var, but both code files treat SEEDREAM_BASE_URL as optional (they default to the Volcengine endpoint). This mismatch should be corrected.
- Instruction Scope
- note: Runtime instructions and scripts explicitly read user-supplied local image file paths, convert them to base64, and transmit them to the Seedream API; they also optionally download generated images to a local directory. That behavior is expected for I2I workflows, but it means any local file path you provide will be uploaded, which is a privacy/exfiltration risk if you pass sensitive files. The SKILL.md and scripts only reference the two declared env vars and the specified API endpoint.
- Install Mechanism
- ok: There is no install spec or remote download; the skill is instruction-plus-local-scripts only. The code uses standard stdlib network/file APIs. No third-party install or remote archive is fetched during install.
- Credentials
- note: The skill requests only SEEDREAM_API_KEY (primary) and SEEDREAM_BASE_URL. That is proportionate for a client of the Seedream API. Small inconsistency: registry metadata claims SEEDREAM_BASE_URL is required while the code treats it as optional and uses a sensible default endpoint. The JS wrapper also accepts a runtime override parameter, 'api_key', which is acceptable but should be documented clearly.
- Persistence & Privilege
- ok: The skill does not request always:true and does not attempt to modify other skills or system-wide config. It writes files only when you explicitly pass a download_dir. Autonomous invocation is enabled by default, but it is not combined with other red flags here.
