Skillv1.0.0

ClawScan security

Best Practice Skill Creator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 13, 2026, 2:59 PM

Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary: The tool does what it claims (turns videos/screenshots into skills) and needs an MLLM API key, but the shipped config includes a hard-coded API key and an unexpected default API endpoint (cloubic.com) which could cause your images and screenshots to be sent to a third party without your explicit consent.
Guidance: Do not run this tool without checking and changing its configuration. Immediate actions to consider: - Inspect config.yaml and remove the hard-coded api_key; replace it with your own provider & key or leave it blank so you must set MLLM_API_KEY in your environment. - Confirm MLLM_BASE_URL and provider selection point to a provider you trust (OpenAI, Google Gemini, or your enterprise endpoint). The shipped default points to 'api.cloubic.com', which is unexpected. - Recognize that the tool will encode and upload full images/screenshots you provide. Avoid sending screenshots or video frames that contain passwords, tokens, private keys, or other sensitive information. - Run the tool in a controlled environment and set MLLM_API_KEY explicitly (do not rely on shipped defaults). Consider using an account with limited privileges or test quota when first trying it. - Review generated SKILL.md files before installing/publishing them, especially any required_env entries that request credentials. - If you cannot verify the embedded key's origin, prefer deleting the config entry and supplying your own credentials or using a local/offline model.
Findings: [HARD_CODED_API_KEY_IN_CONFIG] unexpected: config.yaml contains a hard-coded openai.api_key value (starts with 'sk-...') and an unexpected base_url 'https://api.cloubic.com/v1'. This is not required for the tool to function for an end user and could route user data to that endpoint if not overridden. [UNEXPECTED_DEFAULT_ENDPOINT] unexpected: The openai provider in config.yaml points at 'api.cloubic.com' and the configured model is 'gemini-3.1-pro-preview' — a mismatch and unexpected default for an 'openai' provider. If left unchanged, images and descriptions will be POSTed to this domain.

Review Dimensions

Purpose & Capability: concernThe skill's purpose (generate OpenClaw skills from video/images) legitimately requires an MLLM provider and therefore an API key. However, config.yaml contains a hard-coded API key and a non-standard base_url (https://api.cloubic.com/v1) under the 'openai' provider entry, and the listed model is 'gemini-3.1-pro-preview' — an odd mismatch. That embedded key/base_url is not necessary for the stated purpose and looks like a default that would cause user data to be sent to an unexpected third-party endpoint if the user does not override it.
Instruction Scope: concernRuntime instructions and code encode and send base64 images (frames/screenshots) plus user descriptions to the configured MLLM provider. That behaviour is expected for the tool's function, but because the repo ships with a built-in API key & unusual endpoint, users who follow the provided commands without changing configuration will transmit potentially sensitive images and screenshots to that endpoint. The code otherwise does not read unrelated local files or secrets.
Install Mechanism: okNo installation downloads or external installers are present; requirements.txt lists common libraries (httpx, Pillow, opencv-python, PyYAML). The package includes source files and has no network install step that would fetch arbitrary code at runtime.
Credentials: concernRequesting an MLLM API key (MLLM_API_KEY) is proportionate to the stated function. However, the repository hardcodes an API key in config.yaml for the 'openai' provider and points that provider to a third-party domain. That embedded credential in a distributed config is unexpected and problematic: it can cause the tool to use someone else's key and endpoint to process your data or leak your images to a party you did not choose. The skill generation code can also set required_env values in generated skills, which is reasonable but worth reviewing in outputs.
Persistence & Privilege: okThe skill is not force-included (always: false), is user-invocable and does not request system-wide configuration changes. It writes generated skill files to a user-specified output directory only. No elevated privileges or permanent always-enabled behavior is requested.