TencentCloud FaceID DetectAIFakeFaces
Pass
Audited by ClawScan on May 1, 2026.
Overview
This skill appears to do what it claims—send user-provided face images or videos to Tencent Cloud for fake-face detection—but it handles biometric media and Tencent Cloud API credentials.
Before installing, make sure you are comfortable sending face images or videos to Tencent Cloud, have legal consent for any personal biometric data, and use a properly scoped Tencent Cloud API key. The artifacts do not show hidden persistence, destructive actions, or unrelated data access.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill will use Tencent Cloud account credentials to call the FaceID API, which may incur account usage and should be limited to appropriate permissions.
The skill requires Tencent Cloud API credentials, while the registry metadata declares no required env vars or primary credential. The use is expected for this Tencent Cloud API skill, but users should notice the credential requirement.
Environment variables:
- `TENCENTCLOUD_SECRET_ID`: Tencent Cloud API secret ID
- `TENCENTCLOUD_SECRET_KEY`: Tencent Cloud API secret key
Use a Tencent Cloud key scoped for the FaceID service where possible, avoid sharing long-lived credentials, and rotate the key if it is exposed.
A local face image or video provided to the script will be processed and sent to Tencent Cloud for analysis.
The script reads a user-supplied local image or video file and encodes it for API submission. This is central to the stated fake-face detection purpose and is bounded by file size checks.
if os.path.isfile(value):
    with open(value, "rb") as f:
        raw = f.read()
Only provide files you intend to submit to Tencent Cloud, and verify consent from the person whose face data is included.
Face images or videos may leave the local environment and be processed by Tencent Cloud under its service terms.
The skill sends the provided FaceInput to Tencent Cloud's FaceID endpoint. This external provider call is disclosed and purpose-aligned, but it involves biometric media.
http_profile.endpoint = "faceid.tencentcloudapi.com"
Review Tencent Cloud's FaceID terms and privacy requirements before submitting biometric data, especially for other people’s images or videos.
Installing an unpinned dependency can expose users to package version changes or package-source risk.
The skill relies on a manually installed, unpinned Python package. This is normal for an SDK-based integration, but users should install it from a trusted package source.
Dependency: `tencentcloud-sdk-python` (installed via `pip install tencentcloud-sdk-python`)
Install the official Tencent Cloud SDK from a trusted package index and consider pinning a known-good version in controlled environments.
