Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
qwencloud-vision v0.1.0
[QwenCloud] Understand images and videos with Qwen vision models. TRIGGER when: user wants to analyze, describe, or extract information from images or videos...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The skill's name and description (image/video understanding with Qwen vision models) match the included scripts and references. Requiring a Qwen/DashScope API key and optional base URL/region is expected for this purpose. However, the registry metadata claims no required environment variables or primary credential while the SKILL.md and scripts clearly require DASHSCOPE_API_KEY / QWEN_API_KEY — an incoherence between metadata and actual requirements.
Instruction Scope
Runtime instructions and scripts legitimately read .env files, require an API key, and resolve local files for upload. However, the skill emits update-check signals and will attempt to locate and execute a local qwencloud-update-check script (via subprocess) if present in repository paths; it also reads/writes repository state under .agents/state.json. Executing a local script from the repo and writing state are operations outside pure 'vision analysis' and increase the attack surface if the repo is untrusted.
Install Mechanism
There is no install spec (the package is instruction-plus-scripts delivered as files); no external downloads or package installs are performed by the skill itself. The code is stdlib-only Python and does not auto-install third-party packages.
Credentials
The skill uses and documents DASHSCOPE_API_KEY (primary), with aliases QWEN_API_KEY and optional QWEN_BASE_URL/QWEN_REGION. These credentials are proportional to a cloud vision client. The problem is the declared registry metadata lists no required env vars/credential — that's misleading. Also the code will load .env files into the process environment (without overwriting existing vars), so secrets in .env would be accessible to the scripts; ensure you only provide the intended API key and not unrelated secrets.
Persistence & Privilege
The skill is not always-enabled and does not request global privileges. It will create/read files under the repository (e.g. .agents/state.json and may read skills-lock.json) and may invoke a local check_update.py via subprocess. Writing repo state and invoking local scripts is moderate privilege within a repo and should be considered before enabling in an agent that runs in a sensitive environment.
What to consider before installing
This skill implements a QwenCloud/DashScope vision client and expects a DASHSCOPE_API_KEY (alias QWEN_API_KEY) and optional QWEN_BASE_URL/QWEN_REGION. Before installing:
1) Note the registry metadata omission: the skill WILL need your API key (store it in .env or the environment).
2) Review the included Python scripts locally (they are provided). Pay attention to network endpoints (they use DashScope/QwenCloud base URLs) and to gossamer.py, which may execute a local qwencloud-update-check script and writes .agents/state.json.
3) If you will provide an API key, prefer a scoped/least-privilege key and keep it out of shared repos; do not paste keys into chat.
4) Consider running the code in an isolated environment (sandbox/container) first, and verify QWEN_BASE_URL is not pointed to an untrusted server.
5) If you rely on the platform metadata to assess required secrets, ask the publisher to correct the manifest so required env vars (DASHSCOPE_API_KEY / QWEN_API_KEY) are declared.
If you trust the author and the repository, the skill looks coherent; if you do not, treat the subprocess invocation and repo writes as elevated risk and avoid installing.