Skill v1.0.0

ClawScan security

Flyworks Avatar Video · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 8:57 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to implement the described Flyworks/HiFly video features, but there are mismatches and privacy/exfiltration risks you should understand before installing.
Guidance
Before installing:
1. Understand that the script will upload any local image or audio path you provide to hfw-api.hifly.cc; do not point it at sensitive files.
2. The metadata does not declare HIFLY_API_TOKEN even though the code reads it; the script also contains a hard-coded demo token. Verify you are comfortable with that behavior or replace/remove the embedded token.
3. The skill will write memory.json in its folder containing saved aliases; review or delete that file if you need to protect identifiers.
4. Prefer running the skill in an isolated environment (sandbox or container) and review the included scripts before giving it access to local files.
5. If you plan to use your own API key, obtain it from the official Flyworks site and set HIFLY_API_TOKEN; otherwise the demo token will be used, with known demo limitations.

Review Dimensions

Purpose & Capability
note
The code and docs match the stated purpose (public avatars, talking photos, voice cloning). However, the skill metadata declares no required environment variables or primary credential, while the code and SKILL.md read HIFLY_API_TOKEN (optional, since the embedded demo token is used when it is unset). That omission is a metadata/code inconsistency that could mislead automated guards which decide what a skill may access from its declared credentials alone.
Instruction Scope
concern
Runtime instructions and the included script upload arbitrary local files (images, audio) to the remote API and poll remote task status. That is necessary for the feature, but it also means any local file path you pass can be transmitted to the Flyworks service. The tool also writes a local memory.json (saved aliases) in the skill directory. Ensure you do not accidentally upload sensitive files or expose saved identifiers.
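The practical mitigation for the upload concern above is to gate the upload call behind a path check. The following is an added example, not code from the skill or from ClawHub: it resolves the requested path (following symlinks), refuses anything that lands outside an allowlisted directory, and accepts only the media types the feature needs. The allowed suffix list, the size cap and the directory layout are assumptions; the files are constructed in a temporary directory so the demo runs offline (POSIX symlinks assumed).

```python
"""Added example (not the skill's own code): pre-flight check for file paths
that an uploading skill is asked to send to a remote API."""
import tempfile
from pathlib import Path
from typing import Dict

# Assumed: the image/audio types a talking-photo / voice-clone feature legitimately needs.
ALLOWED_SUFFIXES = {".png", ".jpg", ".jpeg", ".webp", ".wav", ".mp3", ".m4a"}
MAX_BYTES = 50 * 1024 * 1024  # assumed upload cap


class UploadRefused(ValueError):
    """Raised when a path must not be handed to the upload routine."""


def check_upload_path(user_path: str, allowed_root: str, max_bytes: int = MAX_BYTES) -> Path:
    """Return the resolved path if it is safe to upload, otherwise raise UploadRefused."""
    root = Path(allowed_root).resolve()
    target = Path(user_path).resolve()  # follows symlinks, so a link pointing out of root is caught
    try:
        target.relative_to(root)
    except ValueError:
        raise UploadRefused(f"{user_path!r} resolves to {target}, outside {root}") from None
    if not target.is_file():
        raise UploadRefused(f"{user_path!r} is not a regular file")
    if target.suffix.lower() not in ALLOWED_SUFFIXES:
        raise UploadRefused(f"{user_path!r} has a disallowed type {target.suffix!r}")
    if target.stat().st_size > max_bytes:
        raise UploadRefused(f"{user_path!r} exceeds {max_bytes} bytes")
    return target


def demo() -> Dict[str, str]:
    """Constructed layout: an uploads dir holding a real image, a text file and a
    symlink to a private key that lives outside it. Returns a verdict per request."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "uploads"
        root.mkdir()
        (root / "face.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\0" * 64)
        (root / "notes.txt").write_text("alias list")
        secret = Path(tmp) / "id_ed25519"
        secret.write_text("-----BEGIN OPENSSH PRIVATE KEY-----")
        (root / "photo.png").symlink_to(secret)  # innocent-looking name, escapes root

        verdicts: Dict[str, str] = {}
        for name in ("face.png", "notes.txt", "photo.png", "../id_ed25519", "missing.wav"):
            try:
                check_upload_path(str(root / name), str(root))
                verdicts[name] = "ok"
            except UploadRefused:
                verdicts[name] = "refused"
        return verdicts


if __name__ == "__main__":
    for path, verdict in demo().items():
        print(f"{path:16} {verdict}")
```

Resolving both the root and the target before the `relative_to` comparison is what makes the symlink and `..` cases fail closed; a check on the raw string (`startswith(root)`) would pass the `photo.png` symlink and send the key.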
Install Mechanism
ok
This is an instruction-only skill with bundled Python code and a small requirements.txt (requests). There is no external download or install URL and no extraction of remote archives, so install risk is low.
Credentials
concern
The code reads HIFLY_API_TOKEN from the environment and falls back to a hard-coded DEFAULT_TOKEN = "2aeda3bcefac46a3" when it is unset. The registry metadata did not declare HIFLY_API_TOKEN as a credential. Even if the embedded value is only a demo token, a token literal in code is a surface for unexpected behavior: it ships with every copy of the skill and takes effect silently whenever the environment variable is missing, so it should be called out.
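The Purpose & Capability and Credentials findings above are both instances of one check: the environment variables a skill's code actually reads, and the token-like literals it carries, compared with what its metadata declares. The following is an added example of that audit, written for this page; it is not the ClawHub scanner's code and not the skill's. It parses Python source with the standard `ast` module (3.9+ slice layout assumed), collects `os.getenv`, `os.environ.get` and `os.environ[...]` reads, notes which of them supply a silent fallback, flags string literals assigned to secret-looking names, and diffs the env names against the metadata. The sample source, the metadata key names (`requiredEnv`, `optionalEnv`) and the placeholder token value are constructed, not taken from the skill.

```python
"""Added example (not ClawHub's or the skill's code): static audit of a skill's
Python source against the credentials its metadata declares."""
import ast
import re
from typing import Dict, List, Optional

# Constructed sample resembling the pattern the review describes.
SAMPLE_SOURCE = '''
import os
DEFAULT_TOKEN = "0123456789abcdef"   # placeholder literal, not the skill's real demo token
API_BASE = "https://hfw-api.hifly.cc"
TOKEN = os.environ.get("HIFLY_API_TOKEN", DEFAULT_TOKEN)   # silent fallback when unset
DEBUG = os.getenv("HIFLY_DEBUG")
HOME = os.environ["HOME"]
'''

# Constructed sample metadata declaring no credentials; the key names are assumed.
SAMPLE_METADATA = {"name": "flyworks-avatar-video", "requiredEnv": [], "optionalEnv": []}

SECRET_NAME_RE = re.compile(r"TOKEN|SECRET|API_?KEY|PASSWORD", re.IGNORECASE)


def _str_arg(call: ast.Call) -> Optional[str]:
    """First positional argument of a call, if it is a string literal."""
    if call.args and isinstance(call.args[0], ast.Constant) and isinstance(call.args[0].value, str):
        return call.args[0].value
    return None


def _has_fallback(call: ast.Call) -> bool:
    """True when a non-None default is passed as the second argument."""
    if len(call.args) < 2:
        return False
    default = call.args[1]
    return not (isinstance(default, ast.Constant) and default.value is None)


class EnvReadCollector(ast.NodeVisitor):
    """Records env var names read via os.getenv, os.environ.get and os.environ[...]."""

    def __init__(self) -> None:
        self.reads: Dict[str, bool] = {}  # name -> whether some read supplies a fallback

    def _record(self, name: Optional[str], fallback: bool) -> None:
        if name is not None:
            self.reads[name] = self.reads.get(name, False) or fallback

    def visit_Call(self, node: ast.Call) -> None:
        f = node.func
        if isinstance(f, ast.Attribute):
            is_getenv = f.attr == "getenv" and isinstance(f.value, ast.Name) and f.value.id == "os"
            is_environ_get = (f.attr == "get" and isinstance(f.value, ast.Attribute)
                              and f.value.attr == "environ")
            if is_getenv or is_environ_get:
                self._record(_str_arg(node), _has_fallback(node))
        self.generic_visit(node)

    def visit_Subscript(self, node: ast.Subscript) -> None:
        # os.environ["NAME"]: no fallback, raises KeyError if unset
        if isinstance(node.value, ast.Attribute) and node.value.attr == "environ":
            s = node.slice
            if isinstance(s, ast.Constant) and isinstance(s.value, str):
                self._record(s.value, False)
        self.generic_visit(node)


class SecretLiteralCollector(ast.NodeVisitor):
    """Flags assignments of string literals (>= 8 chars) to secret-looking names."""

    def __init__(self) -> None:
        self.found: List[str] = []

    def visit_Assign(self, node: ast.Assign) -> None:
        tgt = node.targets[0] if len(node.targets) == 1 else None
        if (isinstance(tgt, ast.Name) and SECRET_NAME_RE.search(tgt.id)
                and isinstance(node.value, ast.Constant)
                and isinstance(node.value.value, str) and len(node.value.value) >= 8):
            self.found.append(tgt.id)
        self.generic_visit(node)


def audit_skill(source: str, metadata: dict) -> dict:
    """Compare env reads and secret literals in `source` with what `metadata` declares."""
    tree = ast.parse(source)
    env, secrets = EnvReadCollector(), SecretLiteralCollector()
    env.visit(tree)
    secrets.visit(tree)
    declared = set(metadata.get("requiredEnv", [])) | set(metadata.get("optionalEnv", []))
    undeclared = sorted(n for n in env.reads if n not in declared)
    findings = [f"env var {n} is read by code but not declared in metadata" for n in undeclared]
    findings += [f"{n} is assigned a hard-coded string literal" for n in secrets.found]
    findings += [f"{n} silently falls back to an in-code default when unset"
                 for n, fb in sorted(env.reads.items()) if fb]
    return {
        "env_reads": dict(sorted(env.reads.items())),
        "undeclared_env": undeclared,
        "hardcoded_secrets": secrets.found,
        "findings": findings,
    }


if __name__ == "__main__":
    for line in audit_skill(SAMPLE_SOURCE, SAMPLE_METADATA)["findings"]:
        print(line)
```

Run against the constructed sample it reports the three undeclared reads, the DEFAULT_TOKEN literal and the silent fallback on HIFLY_API_TOKEN; once the metadata lists the variables, the undeclared list is empty and only the literal and the fallback remain, which is the residual concern the Credentials dimension describes.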
Persistence & Privilege
note
The skill persists aliases/metadata to a local memory.json file in the skill folder. always:false and normal autonomous invocation are used. The skill does not request system-wide config changes or other skills' credentials, so persistence is local and limited, but remember that saved alias files could contain identifiers you may wish to remove.