Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Digital Singer
v1.3.0Turn your NuwaAI digital avatar into a singing performer! The avatar sings with lip-synced mouth movements driven by vocal audio, with synchronized backgroun...
⭐ 0· 23·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
high confidencePurpose & Capability
The SKILL.md and server.mjs describe a Node-based web server (server.mjs) that drives a browser front-end and asks the user for NuwaAI credentials and an LLM API. However the package also includes an unrelated-sounding Python agent (chorus_agent.py) with its own hard-coded Dashscope API key and different song directory conventions. The presence of a Python agent and baked-in credentials is not justified by the Node-centric Quick Start in SKILL.md and appears incoherent.
Instruction Scope
SKILL.md instructs users to run node server.mjs and to place song files in the skill root; it does not mention running chorus_agent.py. chorus_agent.py on the other hand expects audio files in a '清唱' folder, calls out to Dashscope using an embedded API key, and runs local playback via afplay (macOS). The instructions do not mention these behaviors, so runtime behavior could differ from what users expect.
Install Mechanism
There is no install spec (instruction-only), which limits automatic installation risk. The package.json declares one dependency (ws) which is reasonable for a WebSocket front-end. Node.js and ffmpeg are required per SKILL.md — this is proportionate to the media-processing use case. No remote downloads or extract-from-URL installs are present.
Credentials
SKILL.md asks for NuwaAI API key and LLM configuration (DASHSCOPE_BASE_URL, DASHSCOPE_API_KEY). Those are reasonable. But the codebase contains hard-coded API keys (see chorus_agent.py and server.mjs DEMO_CONFIG) embedded in files rather than declared as required env variables; this both leaks secrets and suggests the shipped code may call external LLM endpoints without the user's explicit configuration. The skill also does not declare required env vars in metadata despite needing LLM and NuwaAPI credentials.
Persistence & Privilege
always is false and there is no indication the skill force-enables itself. The server writes a local .nuwa-config.json to persist user-entered NuwaAI credentials which is consistent with the described UI behavior. No other system-wide or cross-skill modifications are present.
Scan Findings in Context
[hardcoded-api-key-python] unexpected: chorus_agent.py contains a hard-coded DASHSCOPE_API_KEY value (sk-cc31d6...), which is not explained by the SKILL.md instructions and is not appropriate to ship in plaintext. This is disproportionate and risky.
[demo-api-key-node] unexpected: server.mjs includes a DEMO_CONFIG with an API key string (sk-ody1X...). Shipping demo/embedded API keys in code is unexpected and can be misused or indicate stale credentials.
[platform-specific-playback] unexpected: chorus_agent.py uses subprocess to invoke 'afplay' for synchronous audio playback (macOS-only). SKILL.md describes browser audio playback; the local afplay usage is inconsistent with the documented architecture and may have unexpected local effects if the Python agent is executed.
What to consider before installing
What to consider before installing:
- Do not run the code until you review/remove embedded keys: the package contains hard-coded API keys (in chorus_agent.py and a demo key in server.mjs). These keys are unexpected; using them could expose your usage to a third party. If you or your org ever used those keys, rotate them immediately.
- Clarify which component you intend to run: SKILL.md and Quick Start describe running the Node server (server.mjs) and a browser UI. There is also a separate Python agent (chorus_agent.py) that is not mentioned in the README and behaves differently (plays audio via afplay, uses a different songs folder, calls the LLM service directly). If you only want the Node web UI, do not run the Python agent.
- Remove or replace hard-coded credentials and use environment variables: server.mjs already supports env vars for DASHSCOPE_*, QWEN_MODEL and stores Nuwa credentials in .nuwa-config.json. Replace any embedded keys with your own keys stored in environment variables or local config files and never commit secrets to code.
- Inspect network calls and endpoints: the code talks to Dashscope-compatible endpoints (https://dashscope.aliyuncs.com/...) and expects NuwaAI humanctrl WebSocket. Confirm these endpoints are what you expect and that no unexpected remote hosts are contacted.
- Run in an isolated environment: if you decide to test, run the code in a sandbox or container, do not expose any sensitive credentials, and avoid running chorus_agent.py unless you fully audit it. Check for platform-specific commands (afplay) and remove/modify them for your OS.
- File placement mismatch: make sure song files are placed where the server actually expects them (SKILL.md says skill root; python agent expects a '清唱' directory). Harmonize filenames/paths before use.
- If you lack confidence in the origin (homepage unknown, source unknown), prefer not to run it on production machines. Ask the publisher/maintainer for clarification about the Python agent, the embedded keys, and confirm which files are required.server.mjs:462
Shell command execution detected (child_process).
server.mjs:21
Environment variable access combined with network send.
server.mjs:31
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk97897afr8s8xregnmzsr3kg6h84ys47
License
MIT-0
Free to use, modify, and redistribute. No attribution required.