Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

纯血万相冰箱盲盒

v3.0.0

纯血万相冰箱盲盒 - a cooking-inspiration trigger built on the Wan2.7/Wan2.1 vision models. The user uploads a photo of the inside of their fridge; the Skill uses Wanxiang's image-to-image capability to semantically distill the cluttered fridge scene and recompose it into a polished concept image of a creative dish. Supports multiple cuisines (Chinese/Western/Japanese/French/Italian/Korean/Thai/fusion), difficulty levels (easy/moderate/challenging), cooking time (quick/moderate/slow-cooked...

by laojun (@laojun509)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

Capability signals: Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description align with the included Python scripts, which send fridge photos to a Wan/DashScope imaging API and produce recipes; requiring an API key for that service is reasonable. However, the registry metadata declares no required env vars/credentials, while SKILL.md and the examples explicitly ask for WAN_API_KEY (and optionally WAN_API_URL). That metadata mismatch is inconsistent.
Instruction Scope
SKILL.md instructs users to upload fridge photos to an external service and to export WAN_API_KEY/WAN_API_URL; the included scripts will perform network calls (requests). The SKILL.md contains a pre-scan 'unicode-control-chars' prompt-injection signal, which means parts of the instruction file may contain hidden control characters that could influence model parsing or agent behavior. Also SKILL.md and examples reference external result URLs and an OSS bucket; users should be aware images and derived recipe outputs leave the local environment.
Install Mechanism
There is no install spec (instruction-only from registry) but the package includes runnable Python scripts and a recipe DB. The only declared dependency in text is 'pip install requests'—lightweight—but the absence of an install manifest combined with shipped code means the code will be executed from the skill bundle as-is (no vetted package manager step). This is not inherently malicious but increases the need to inspect the code before running.
Credentials
The behavior requires WAN_API_KEY (and examples show WAN_API_URL) to call Wan/DashScope, which is proportionate to the stated purpose. However, the registry metadata lists no required env vars or primary credential; that mismatch is a red flag. Also, the skill asks for an API key that will be sent to external endpoints — users should ensure the key is limited/scoped and not reused for other systems.
Persistence & Privilege
The skill is not configured as always:true, does not request elevated system privileges, and does not declare changes to other skills or system-wide settings. It runs as an ordinary script that performs network calls.
Scan Findings in Context
[unicode-control-chars] unexpected: Control characters in SKILL.md are unexpected for a cooking/imagery skill. They can hide or alter prompts and may be an attempt to influence model parsing or to obfuscate instructions. This should be removed or explained by the author before trusting the skill.
What to consider before installing
What to check before installing or running this skill:
- Do not paste your permanent or high-privilege API keys. The skill asks for WAN_API_KEY (and examples use WAN_API_URL). Use a scoped or ephemeral key and confirm the API host is legitimate before supplying credentials.
- The registry metadata claims no required env vars, but SKILL.md and examples require WAN_API_KEY/WAN_API_URL — ask the author to fix the metadata or explain why it was omitted.
- Inspect scripts/generate_gourmet.py (already included) to see exactly which endpoints are called and what data is uploaded. Verify the WAN_API_URL points to a trusted provider (official Wan/DashScope endpoints) — the placeholder domains in examples (wan.xxx) are not authoritative.
- Remove or inspect any hidden/control characters in SKILL.md (the scanner flagged unicode-control-chars). Hidden control chars can be used to manipulate model behavior; request a clean/plain version from the author or scrub the file yourself.
- Be aware images you upload (fridge photos) and generated outputs may be stored on external servers (OSS URLs are referenced). If photos contain sensitive information (labels, notes, or interior locations), treat uploads as potentially public.
- Because the bundle includes runnable code but no install manifest, run it in an isolated environment (sandbox/container/VM) and review network traffic if possible.
- If you need higher assurance, ask the publisher for: a homepage/source repository, author identity, a clear canonical WAN API endpoint, and removal/explanation of the control characters. If those are not provided, treat the skill as untrusted.

Confidence note: medium — the core functionality is coherent, but the metadata mismatch and prompt-injection signal prevent a clean 'benign' verdict without further author clarification.
