Skill v3.3.2
ClawScan security
Anima · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 12, 2026, 12:01 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill mostly does what its description says (generate avatar videos), but its package metadata omits several required credentials and system dependencies, and the code will send your images/audio to external services (Gemini, Fish Audio, Feishu). The package is therefore internally inconsistent and needs careful review before use.
- Guidance: Key things to consider before installing/running:
  - Metadata mismatch: The registry claims no environment variables or binaries are required, but the code needs GEMINI_API_KEY, FISH_AUDIO_KEY, FISH_AUDIO_REF_ID, FEISHU_APP_ID, FEISHU_APP_SECRET and the command-line tools ffmpeg, ffprobe, curl and sleep (with 'say' as a macOS fallback). Treat this as a red flag — the publisher likely omitted required permissions.
  - Sensitive uploads: The batch generator sends your base avatar/background images (base64) to Gemini (https://generativelanguage.googleapis.com). The send script uploads videos to Feishu using app credentials. If you supply real service credentials, personal or proprietary images and generated videos will be transmitted off your machine.
  - Principle of least privilege: Only supply test credentials (not production) and keep the .env inside the skill folder as the code expects. Do not put highly privileged tokens in this skill unless you fully trust it.
  - Run in an isolated environment: If you decide to test, run npm install inside a disposable container/VM, ensure ffmpeg and curl are installed in that environment, and avoid using your real work accounts. Inspect the .env file before running and verify the endpoint URLs in the code.
  - Code review items: Confirm that the Gemini and Fish Audio API usage meets your privacy expectations (what is sent), and verify the Feishu upload logic if you don't want automatic outbound messages. Also be aware that execSync calls run external commands and may expose secrets if logged elsewhere.
  - If you want to proceed safely: 1) audit and edit the code to suit your needs, 2) provide only restricted/test API keys, 3) validate the asset paths and ensure sprites/backgrounds are local and acceptable, and 4) run in an isolated environment.
  - Given the clear mismatches between metadata and implementation (missing declared envs, undeclared binary dependencies, external uploads), treat this skill as suspicious until you confirm that the credentials and external endpoints are acceptable and the code is safe for your data.
Review Dimensions
- Purpose & Capability (note): The code and SKILL.md align with an interactive video generator that uses Gemini (images), Fish Audio (TTS), FFmpeg (composition) and Feishu (delivery). However, the registry metadata declares no required environment variables or binaries, while the implementation expects multiple external services and command-line tools. That mismatch is unexpected and disproportionate to the metadata provided.
- Instruction Scope (concern): SKILL.md explicitly instructs generation using Gemini and Fish Audio and tells the user to set GEMINI_API_KEY in the skill .env; the code performs API calls and will upload generated videos to Feishu when credentials are present. The code reads/writes local files (assets/, temp/, output/) and updates production_plan.csv. It will transmit your base avatar/background images to Gemini (base64 upload) and will upload final videos to Feishu; both are privacy-sensitive actions. The runtime also uses shell commands (curl, ffmpeg, ffprobe, say) via execSync; these are not listed in the registry requirements.
- Install Mechanism (note): No install spec is provided (instruction-only distribution), which reduces automatic install risk. However, there are shipped Node files and a package.json (sharp, dotenv). Using sharp may require native build steps. The code invokes external binaries via shell (ffmpeg/ffprobe/curl/say/sleep) which are not declared. There is no remote download/install of arbitrary archives (good), but running the included scripts will execute network calls and binaries on your machine.
- Credentials (concern): Registry metadata lists no required env vars, but the code requires/uses GEMINI_API_KEY, FISH_AUDIO_KEY, FISH_AUDIO_REF_ID, FEISHU_APP_ID and FEISHU_APP_SECRET (and expects them in skills/anima/.env). That is a clear inconsistency. These credentials grant access to external services and (in Feishu's case) allow sending messages as the app, so they are high-value and must be justified and protected; the skill's metadata should have declared them but did not.
- Persistence & Privilege (ok): The skill does not request 'always: true' and does not modify other skills or system-wide agent settings. It reads/writes only within its own skill folder (temp/, output/, assets/) and updates its production_plan.csv when generating sprites. However, given that it can use Feishu credentials to send media, it effectively can transmit data externally when run with credentials, so grant runtime privileges cautiously.
