Skillv1.0.0

ClawScan security

儿童绘本生成器 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 29, 2026, 2:48 PM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill appears to implement the advertised image-generation functionality, but there are several inconsistencies (missing declared credentials, undocumented dependency/install steps, and minor copy‑paste errors) that deserve caution before trusting or installing it.
Guidance: This skill generally does what it says (calls Baidu ERNIE-Image via an OpenAI-compatible client and writes a PNG), but before installing or running it you should: 1) Note that an API key is required even though the registry metadata lists none — verify which env var name you will use and set it with appropriate permissions. 2) Install the 'openai' Python package in an isolated environment (venv) because no install step is provided. 3) Avoid passing the API key on the command line in multi-user systems (process lists can expose it); prefer a user-scoped environment variable. 4) Be aware the script will overwrite files without prompting and does no local filtering of prompt content (all prompt text is sent to Baidu), so avoid sending sensitive data. 5) Confirm the remote endpoint (https://aistudio.baidu.com/llm/lmapi/v3) and any privacy/billing implications with Baidu before use. 6) If you need higher assurance, request the author to fix metadata (declare required env vars), add an install spec, and eliminate the CLI key-exposure (e.g., read key from a protected file or keyring).

Review Dimensions

Purpose & Capability: concernThe skill's stated purpose (generate children's picture-book images via Baidu ERNIE-Image) matches the code and SKILL.md. However, the skill metadata declares no required environment variables or primary credential while the script and documentation clearly require an API key (env vars: ERNIE-Image_API_KEY, ERNIE_Image_API_KEY, BAIDU_API_KEY or --api-key). That metadata mismatch is an incoherence that could confuse users or lead to misconfiguration.
Instruction Scope: noteSKILL.md and the script are narrowly scoped to: accept a prompt, call the Baidu OpenAI-compatible endpoint, and write a PNG to a user-specified path. They explicitly pass the user's prompt verbatim to the remote service (no local filtering) and will create parent directories and overwrite same-named files without confirmation. No unrelated system files, tokens, or external endpoints beyond the Baidu endpoint are referenced. The lack of local content filtering and automatic overwriting are usability/security concerns (not evidence of malicious intent).
Install Mechanism: noteThere is no install specification provided even though the script depends on the 'openai' Python package (declared in an inline comment). This is a mismatch (no automated install instruction), meaning users must manually install dependencies. No downloads from unknown URLs or archive extraction appear in the package, so no high-risk install actions are present.
Credentials: concernThe script requires an API key (via CLI or one of several env vars) but the published metadata lists zero required env vars/credentials. CLI-provided keys will be visible in process listings (ps) — SKILL.md even warns about this. Requesting a single service API key is proportionate to the stated purpose, but the metadata omission and the process-exposure behaviour are problematic and should be fixed or explicitly documented.
Persistence & Privilege: okThe skill does not request always:true, does not persist or modify other skills or system-wide settings, and is user-invocable only. It writes only the user-specified output file and does not attempt to elevate privileges or install persistent agents.