Skillv0.1.1

ClawScan security

jimeng generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 8, 2026, 9:41 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill appears to implement a VolcEngine (Jimeng 4.0) image generator and its code/instructions match that purpose, but the registry metadata does not declare the required VolcEngine credentials and therefore the bundle is internally inconsistent.
Guidance: This package appears to be a legitimate VolcEngine (Jimeng) image generator: it will ask you to supply VOLCENGINE_AK and VOLCENGINE_SK (or a temporary token) in a .env file and then run a TypeScript script that signs requests and calls visual.volcengineapi.com, saving images to ./output. Before installing or running it: 1) note the registry metadata did NOT declare required env vars — treat that as a packaging oversight and verify you are intentionally providing VolcEngine credentials; 2) prefer using a short-lived STS token or least-privilege key and rotate/revoke keys after testing; 3) run npm install and execute the script in an isolated environment (container or sandbox) so network calls and file writes are contained; 4) inspect scripts/generate.ts yourself (or a reviewer) — it is the real runtime code and currently does not contain obfuscated or unexpected endpoints; 5) verify dependency sources if you are concerned about supply-chain risk (npm mirror entries are present in package-lock.json). If any of these checks make you uncomfortable, do not provide long-lived credentials or run the code on sensitive hosts.

Review Dimensions

Purpose & Capability: concernThe name/description, README, SKILL.md and scripts/generate.ts consistently implement a VolcEngine (jimeng) image generator that requires VOLCENGINE_AK/VOLCENGINE_SK (or VOLCENGINE_TOKEN). However the registry metadata lists no required environment variables or primary credential — that is a clear mismatch between declared requirements and actual code/instructions.
Instruction Scope: okSKILL.md instructs the agent/user to create a .env with VolcEngine credentials, run npm install, and invoke the TypeScript script which submits tasks, polls status, and writes images to ./output. The instructions and the script operate within the stated purpose (submit tasks to visual.volcengineapi.com and save results). The script reads only the project .env and writes output images; it does not try to read unrelated system paths or exfiltrate data to unexpected endpoints.
Install Mechanism: noteNo install spec in registry (instruction-only), but the package includes a Node.js script and package.json that requires running npm install (axios, ts-node, typescript). Installing npm deps is normal for this tool; dependencies come from standard npm registries/mirrors (package-lock uses a mirror). There is no remote arbitrary download or extract of unknown archives in the skill files. Still, because code will be executed locally, users should install and run it in a controlled environment.
Credentials: concernThe code and SKILL.md legitimately require VolcEngine credentials (VOLCENGINE_AK, VOLCENGINE_SK, optionally VOLCENGINE_TOKEN). That access is proportional to the stated purpose. The concern is that the skill metadata did not declare these required env vars, so an installer/agent might not realize credentials are needed — increasing the chance a user will supply secrets without noticing. No other unrelated credentials are requested.
Persistence & Privilege: okThe skill does not request always:true and does not modify other skills or system-wide settings. It runs as a local CLI script; autonomy (agent-initiated invocation) is enabled by default but not combined with other red flags.