ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

cosmetic-detect

v1.0.0

Analyze facial/body photos to detect signs of cosmetic surgery or aesthetic procedures. Use when the user uploads a photo and asks to identify cosmetic work,...

0· 171·0 current·0 all-time
byRainman@deusyu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description align with the runtime instructions and the included reference checklist — no unrelated environment variables, binaries, or install steps are requested. Inferring ethnicity/ancestry and age is explicitly part of the analysis; that is coherent with the stated detection goal but is a sensitive capability that should be justified and constrained.
!
Instruction Scope
SKILL.md directs the agent to evaluate image quality, apparent ethnicity, apparent age, and to produce probabilistic diagnostic statements. It also instructs use of knowledge about public figures and cross-image comparison. The document does not instruct how to handle consent, privacy, retention, or minors, nor does it require verification steps before making sensitive inferences. Inferring ethnicity/ancestry from photos and publishing procedure likelihoods can cause reputational harm, bias, and discrimination; those are out-of-band risks even if coherent with the stated task.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or written to disk per the provided metadata.
Credentials
The skill requests no environment variables, credentials, or config paths — proportionate from a technical-privilege viewpoint. However, the skill's functional requirements involve processing sensitive biometric imagery and inferring protected attributes; the lack of privacy safeguards (consent checks, data retention guidance, restrictions on minors/public figures) is a non-technical proportionality concern.
Persistence & Privilege
always:false and no privileges or config modifications are requested. The skill would be user-invocable and can be autonomously invoked by the agent (platform default) but it does not request elevated persistence.
What to consider before installing
This skill appears to do what it says and doesn't ask for system credentials or install code, but it performs sensitive inference (ethnicity, age, surgical history) from photos — which can produce false positives, bias, and reputational harm. Before installing or using: (1) require explicit user consent and avoid analyzing images of minors; (2) add clear disclaimers and probabilistic language in outputs; (3) log and retain images only with strong safeguards or not at all; (4) consider legal/privacy requirements in your jurisdiction (biometric laws); (5) avoid using the tool for accusations or publishing results about private individuals; and (6) if possible, have human expert review for any consequential claims. If you want stronger assurance, request that the skill author add explicit consent/retention guidance and an option to disable ethnicity inference.

Like a lobster shell, security has layers — review code before you run it.

latestvk97az52z8egj1vkz3m35cx3jwh82sem0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments