Skill v1.0.5
ClawScan security
VIN Recognition OCR - VIN识别 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 3, 2026, 10:00 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, runtime instructions, and required JISU_API_KEY align with a VIN/OCR integration that posts images to the JisuAPI VIN recognition endpoint; there are no unexplained credentials, downloads, or broad filesystem/credential access.
- Guidance: This skill appears to do exactly what it claims: convert a provided image (or base64) to base64 and send it to JisuAPI's VIN recognition endpoint using your JISU_API_KEY. Before installing, consider:
  1. Privacy: images are uploaded to a third-party service (jisuapi.com); do not send images containing sensitive personal data unless you are comfortable with that provider's policies.
  2. API key management: obtain an AppKey from jisuapi.com, store it in JISU_API_KEY, and rotate/revoke it if it is accidentally shared.
  3. Dependencies: ensure Python 3 and the 'requests' package are available in the agent runtime.
  4. Limits & costs: check JisuAPI rate limits, quotas, and billing.
  If any of these are unacceptable, do not install or use the skill.
Review Dimensions
- Purpose & Capability (note): The skill name/description (VIN recognition) matches the behavior: vinrecognition.py encodes an image and POSTs it to https://api.jisuapi.com/vinrecognition/recognize using an AppKey (JISU_API_KEY). One minor note: the Python script uses the 'requests' library, but SKILL.md and the metadata do not declare that dependency or an install step.
- Instruction Scope (ok): SKILL.md instructs saving the image locally or passing base64 and calling the script; the script only reads the provided image (or the provided base64) and sends it to the documented JisuAPI endpoint. The script deliberately restricts local path reads to the current working directory and forbids absolute paths or path traversal, and it does not access other env vars, system files, or unexpected endpoints.
- Install Mechanism (ok): There is no installer or remote download; this is instructions plus a single bundled Python script. No external archives or installers are fetched. As noted above, the runtime requires the 'requests' Python package, which is not listed in the metadata; this is an operational omission but not a sign of malicious behavior.
- Credentials (ok): Only one environment variable is required: JISU_API_KEY (declared as primaryEnv). That matches the API provider's usage and is proportionate to the stated purpose. No other secrets or unrelated credentials are requested.
- Persistence & Privilege (ok): The skill does not request permanent/always inclusion (always: false), does not modify other skills or global agent settings, and does not attempt to persist credentials or change system-wide configs.
