Skillv2.0.0

ClawScan security

Face Reading Cn · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 15, 2026, 6:15 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill mostly does what it says (face-reading + image analysis) but includes privacy/stealth guidance and missing dependency declarations that don't add up and could enable covert profiling or surprise network activity.
Guidance: This skill is internally coherent for an entertainment/cultural face-reading tool, but exercise caution before installing or enabling it for autonomous use. Key points to consider: - Privacy & consent: The docs explicitly teach stealthy, non-consensual observation/analysis of people — avoid using it to analyze photos of people who haven't given consent. Consider removing or disabling SOCIAL-GUIDE content that instructs covert profiling. - Code review: Before running any scripts, inspect the Python files (scripts/*.py) for network calls, remote API endpoints, or subprocess execution. Look for imports like requests, urllib, boto3, or calls that post data externally. If you’re not comfortable auditing the code, run it only in an isolated sandbox. - Dependencies & runtime behavior: There is no install spec or dependency list. Expect that the scripts may require dlib/OpenCV and other Python packages. Install dependencies from known sources in a controlled environment (virtualenv/containers). Watch for any runtime pip installs performed automatically. - Autonomous invocation risk: If you allow the agent to invoke this skill autonomously, it could process images shared in conversations without explicit per-use consent. If that’s a concern, disable autonomous invocation for this skill or require explicit user confirmation before processing images. - If you plan to use image analysis in production: prefer an explicit consent flow, restrict analysis to user-supplied images, and log/report where images are sent/processed. If medical/health inferences appear, ensure you add clear disclaimers and direct users to professionals. If you want, I can: 1) summarize what to look for inside the four Python scripts and flag suspicious code patterns, or 2) produce a short patch suggestion to remove or soften the stealth/social-guidance instructions.

Review Dimensions

Purpose & Capability: noteName/description (face-reading + psychology + image recognition) match the shipped assets: multiple docs and Python scripts for image-based analysis and psychology mapping. Requesting no credentials and no binaries is consistent. However the included SOCIAL-GUIDE explicitly instructs stealthy/‘not obvious’ analysis of other people, which extends the purpose from passive cultural/entertainment analysis into privacy-invasive real-world behavior.
Instruction Scope: concernRuntime instructions tell the agent to run local Python scripts that download/process image URLs (scripts/face_image_analysis.py, analyze.py, psychology_analysis.py). The SKILL.md and SOCIAL-GUIDE encourage analyzing photos (including strangers) and give tips to do so without the subject noticing — this is scope creep and a privacy/ethical risk. The skill also instructs reading its own docs and files (fine), but the scripts may download arbitrary image URLs or call external services (not documented).
Install Mechanism: noteNo install spec provided (instruction-only install), which minimizes supply-chain risk, but the repo includes Python scripts that likely depend on native modules (dlib/OpenCV). Dependencies are not declared and there's no guidance on how/where to install them; that can lead to runtime attempts to fetch packages or failures. No external binary downloads or obscure URLs were found in the manifest.
Credentials: okThe skill declares no required environment variables, credentials, or config paths — appropriate for its stated local-analysis purpose. Still, the scripts may perform network I/O (image downloads) or call remote ML APIs; SKILL.md does not declare or justify such external endpoints or credentials.
Persistence & Privilege: noteThe skill is not always-enabled and uses the default autonomous invocation policy. Autonomous invocation combined with image-processing + stealth/social-guidance increases blast radius (agent could autonomously analyze images presented in chats). This is not grounds for blocking alone but is relevant for user caution.