Pattern

Warn

Audited by ClawScan on May 18, 2026.

Overview

The skill’s marketing purpose is understandable, but its bundled worker uses undisclosed Anthropic/Claude services, under-declared cloud credentials, an unauthenticated web endpoint, and persistent caching that may reuse Drive links too broadly.

Before installing or running this skill, confirm whether you are comfortable sending product images and metadata to Anthropic as well as Google. Do not expose the FastAPI worker publicly unless you add authentication, rate limits, and URL validation. Use a least-privilege Google service account, restrict the Drive folder, and review or disable the Redis cache if multiple users or products share the same environment.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Product image URLs and product metadata may be sent to Anthropic, not only to Google services as the listing suggests.

Why it was flagged

The implementation uses Anthropic/Claude for LLM prompt and copy generation even though the skill description presents the LLM workflow as Google Vertex AI Gemini.

Skill content

from anthropic import AsyncAnthropic ... model="claude-3-5-sonnet-20241022"

Recommendation

Disclose Anthropic/Claude in the description, metadata, credential requirements, and privacy expectations, or change the implementation to use the stated Google Gemini service.

What this means

Users may provide sensitive cloud credentials without seeing them declared in the skill’s registry contract, and the service account can create/upload files in Drive.

Why it was flagged

The code expects API credentials and a Google Drive-capable service account, while registry metadata declares no required environment variables or primary credential.

Skill content

# ANTHROPIC_API_KEY
# GOOGLE_APPLICATION_CREDENTIALS ... Credentials.from_service_account_file(... scopes=['https://www.googleapis.com/auth/drive.file'])

Recommendation

Declare all required credentials and scopes, use least-privilege service accounts, and document exactly which accounts and Drive folders the skill can write to.

What this means

Anyone who can reach the worker could potentially trigger cloud costs, create Drive files, or make the server fetch arbitrary URLs.

Why it was flagged

The FastAPI worker accepts user-controlled URLs and payloads and, if run directly, listens on all interfaces without visible authentication before performing paid AI calls and Drive writes.

Skill content

@app.post("/api/v1/jewellery/process") ... image_bytes = await download_image(payload.image_url) ... uvicorn.run(app, host="0.0.0.0", port=8000)

Recommendation

Add authentication, rate limits, request size limits, URL allowlists, private binding by default, and explicit approval before costly generation or Drive upload actions.

What this means

A repeated image could return stale or wrong Drive links across different product details or users sharing the same Redis instance.

Why it was flagged

The cache persists Drive links for 30 days keyed only by image hash, not by product metadata, user, tenant, or Drive folder.

Skill content

cahed_result = await redis_client.get(f"jewellery_pipeline:{img_hash}") ... await redis_client.setex(f"jewellery_pipeline:{img_hash}", 2592000, json.dumps(links))

Recommendation

Key cached results by image hash plus metadata, user or tenant, and target Drive folder; document retention and provide a way to clear cached results.

What this means

Users may need to install provider SDKs and run a server manually without a reviewed lockfile or documented runtime boundary.

Why it was flagged

A runnable worker is bundled, but the install specification provides no dependency pinning or setup contract; this is not automatic execution, but it leaves setup provenance to the user.

Skill content

`jewellery_openclaw_skill.py`: Background FastAPI worker capable of executing the pipeline outside of OpenCLAW.

Recommendation

Provide a pinned requirements file or install spec, document how the worker should be run safely, and state that it should not be exposed publicly without authentication.