Skillv1.6.0

ClawScan security

Human Avatar · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 27, 2026, 3:16 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code, declared requirements, and runtime instructions are consistent with its stated purpose of driving Alibaba DashScope / LingMou media generation; required binaries and credentials match the functionality, but the credentials are sensitive and grant the skill access to your OSS/account so treat them carefully.
Guidance: This skill appears internally coherent and does what it claims: it converts media (ffmpeg), uploads user media to your Alibaba OSS bucket, and calls DashScope / LingMou APIs using the credentials you provide. Before installing or running it: 1) Only provide DASHSCOPE_API_KEY and AK/SK that you trust — prefer a dedicated/test Alibaba account and a dedicated OSS bucket with lifecycle rules and limited permissions; 2) Be aware that uploaded files are sent to Alibaba endpoints (DashScope/LingMou) and their generated signed URLs are used for processing; 3) Rotate keys after testing and avoid using high-privilege or production credentials; 4) Review and run the scripts in an isolated environment first (non-production account) to confirm behavior and billing implications; 5) If you need stronger assurance, run a line-by-line review or sandboxed execution — the code uses subprocess for ffmpeg, base64 decoding for audio streams, and standard Alibaba SDK calls, all of which are expected for this skill.

Review Dimensions

Purpose & Capability: okName/description (Human Avatar using DashScope/LingMou) match what the files and SKILL.md do: call DashScope APIs, use Qwen TTS, call LingMou SDK, and upload media to the user's OSS bucket. Required binaries (ffmpeg/ffprobe) and env vars (DASHSCOPE_API_KEY, ALIBABA_CLOUD AK/SK, OSS_BUCKET/OSS_ENDPOINT) are appropriate and expected for these operations.
Instruction Scope: okSKILL.md and the scripts explicitly instruct uploading local media to the user's OSS, converting media with ffmpeg, and calling DashScope/LingMou endpoints. The instructions do not request unrelated files, system secrets, or external endpoints beyond Alibaba Cloud and user OSS. The scripts perform polling, uploading, and signed-URL generation only — behavior stays within the stated scope.
Install Mechanism: okThere is no automated install that downloads arbitrary code; SKILL.md recommends pip packages from standard registries. Code execution is local via provided scripts. No suspicious external download URLs or archive extraction are present in the manifest.
Credentials: noteThe skill requires multiple sensitive credentials (DashScope API key, Alibaba AK/SK and OSS info). These are proportionate to the advertised features (DashScope TTS/vision APIs require DASHSCOPE_API_KEY; LingMou and OSS uploads require AK/SK and bucket). However, granting AK/SK + OSS bucket gives the skill the ability to upload files to your bucket, generate signed URLs, and use your account resources — this is expected but high-sensitivity. Use least-privilege credentials and a dedicated/test bucket when possible.
Persistence & Privilege: okThe skill is not marked always:true and does not request persistent registry-level privileges. It does not modify other skills or system-wide agent settings. Some scripts reference creating a local virtualenv for SDK testing (optional), but there is no installation-time persistence or self-enabling present.