Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Qwen Vision Rename
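v1.0.0
Batch-renames local image files based on image content. This is a skill, not a callable tool; first open this file with read, then run the script command, and never directly issue a tool call named qwen-vision-rename. This skill must be used whenever the user mentions "change name / rename / name by image content / tidy up image file names / organize images". By default it performs the rename directly, and only when the user explicitly...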
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared primary credential (DASHSCOPE_API_KEY) and python3 requirement align with a vision-API-based renaming tool. However the code also reads many other environment keys, OpenClaw skill entries, and local config files (e.g. ~/.openclaw/openclaw.json) to resolve settings — behavior not documented in SKILL.md's requires list and not strictly necessary for the core rename functionality.
Instruction Scope
SKILL.md requires the agent to run the included script and by default execute renames (--apply) unless user explicitly requests a dry-run. The script will auto-select local image directories (~/图片, ~/Pictures or OPENCLAW_RENAME_DEFAULT_DIR), write JSON plan and rollback files, copy/prepare images into ~/.openclaw media outbound/cache, and may publish local images as public URLs if a public media base URL is configured. The code also loads .env files and reads ~/.openclaw/openclaw.json to extract env entries for other skills — this expands the skill's read scope beyond what the description declares and could surface other credentials/configs.
Install Mechanism
No remote install or arbitrary downloads; the package is instruction-only with a Python script and a small requirements.txt (requests, Pillow). This is low installation risk.
Credentials
Only DASHSCOPE_API_KEY is declared as required, which is reasonable. But the code will also read many other env vars (DASHSCOPE_BASE_URL, OPENAI_BASE_URL, OPENCLAW_* keys, OPENCLAW_MEDIA_BASE_URL, etc.) and can pull API keys from ~/.openclaw/openclaw.json and .env files. That means the skill can access environment values and other skills' stored env entries that were not declared — disproportionate to a simple renamer and a possible vector to read other secrets.
Persistence & Privilege
always:false and no privileged install are good. However the script writes files into the user's home (~/.openclaw/media/outbound and vision-input-cache) and writes plan/rollback JSON files in the run location. It also reads ~/.openclaw/openclaw.json. The skill does not request permanent platform-wide privileges, but it does create and read files in the user's config area which the SKILL.md did not explicitly disclose.
What to consider before installing
Before installing or running:
1) Be aware the skill by default will perform renames (it defaults to --apply). If you want to inspect changes first, run a dry-run and review the generated plan and rollback file.
2) The script reads ~/.openclaw/openclaw.json and .env files and may inherit environment values from other skills — check that file for any secrets you don't want this skill to see.
3) It copies/optimizes images into ~/.openclaw media outbound/cache and can publish them as public URLs if you have OPENCLAW_MEDIA_BASE_URL / OPENCLAW_VISION_IMAGE_BASE_URL or a public_base_url file configured — verify those settings to avoid accidental exposure.
4) Only provide DASHSCOPE_API_KEY you trust and consider scoping or using a limited key if possible.
5) If unsure, inspect scripts/vision_rename.py fully, back up your image directory, and run the rename command without --apply first.
Like a lobster shell, security has layers — review code before you run it.
latest vk97d01rq221pzzdf8geskdcr0x838np2
Runtime requirements
🧭 Clawdis
Bins: python3
Env: DASHSCOPE_API_KEY
Primary env: DASHSCOPE_API_KEY
