jimeng generator

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This looks like a purpose-aligned VolcEngine Jimeng image generator, but it requires your VolcEngine credentials and sends prompts or image URLs to that provider.

Before installing, confirm you intend to use a VolcEngine Jimeng account, use a scoped or temporary key where possible, keep .env out of version control, and avoid sending sensitive prompts or private image URLs. The supplied artifacts do not show malicious behavior, but the source is not linked and the review context includes truncated source content, so review locally if you need higher assurance.

Static analysis

Env credential access

Critical
Finding
Environment variable access combined with network send.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone installing it must provide a VolcEngine key, and the skill can use that key to submit Jimeng image-generation requests.

Why it was flagged

The skill requires VolcEngine access credentials. This is expected for the stated provider integration, but those credentials can authorize account activity and potentially billable API use.

Skill content
VOLCENGINE_AK=你的AccessKey
VOLCENGINE_SK=你的SecretKey
Recommendation

Use a least-privilege or temporary credential if possible, keep .env private, monitor provider usage, and revoke the key if it is exposed.

What this means

Prompts and any supplied reference image URLs may be processed by VolcEngine.

Why it was flagged

The code sends requests to the documented VolcEngine API host. This is purpose-aligned, but prompts and reference image URLs are external provider data flows.

Skill content
const HOST = 'visual.volcengineapi.com';
const BASE_URL = `https://${HOST}`;
Recommendation

Avoid sending sensitive prompts, private image URLs, or images you are not allowed to share with the provider.

What this means

You have less external provenance information to verify the package publisher or upstream source.

Why it was flagged

The package provenance is not fully documented. The skill also relies on npm dependencies, which is common for this type of CLI tool but worth noting before installation.

Skill content
Source: unknown
Homepage: none
Recommendation

Install only if you trust the publisher, review package.json/package-lock.json, and prefer installing in an isolated project or environment.

What this means

A user might store real credentials in .env and accidentally commit or share them if their local setup does not actually ignore the file.

Why it was flagged

The documentation makes a credential-safety assurance about .gitignore, but the supplied file manifest does not include a .gitignore file. This is not evidence of exfiltration, but users should not rely on the claim without checking their local repository.

Skill content
The `.env` file is already ignored by `.gitignore` and will not be committed to the repository, so feel free to fill in real credentials.
Recommendation

Create or verify a .gitignore entry for .env before adding real credentials, and never commit provider keys.