Skill v0.1.0

ClawScan security

Clawcap Avatar Equip · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review · Mar 13, 2026, 5:38 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code implements the advertised avatar accessory pipeline and legitimately needs a Gemini API key, but the registry metadata omitted that requirement and there are a few operational/privacy concerns (external demo link, arbitrary image URL fetching) you should understand before installing.
Guidance
This skill appears to implement what it claims, but take these precautions before installing or using it:
- Expect to set GEMINI_API_KEY (the registry metadata omitted this); do not supply broader credentials than necessary.
- Prefer running locally in an isolated environment (container or VM) rather than using the authors' demo site (http://107.172.78.150:8000) to avoid sending images to a third party.
- Be cautious if you allow image_url inputs: the service will fetch arbitrary URLs (SSRF risk). If deploying internally, restrict outbound/network access and/or validate/whitelist hostnames.
- Review the GitHub repository and commit history yourself (link provided in docs) and confirm there are no hidden telemetry or unexpected network calls beyond google-genai and standard HTTP image fetches.
- Monitor usage/billing on your Gemini API key and rotate/revoke it if you suspect misuse.

If you want, I can list the exact lines where GEMINI_API_KEY is referenced and point out the places you should harden (host whitelisting, input validation, demo link removal).

Review Dimensions

Purpose & Capability
concern: The skill's name/description (avatar accessory synthesis) match the code: it uses a VLM + mask + inpainting pipeline and calls the Google Gemini API. However the registry metadata listed no required environment variables while the SKILL.md and config.py clearly require GEMINI_API_KEY — an incoherence that could mislead users about needed credentials.
Instruction Scope
concern: Runtime instructions and code stay within the stated purpose (analyze image, build mask, call Gemini to inpaint). Notable concerns: the service can fetch arbitrary image URLs (utils.load_image_from_url uses httpx without host filtering), which presents SSRF/host-probing risk if deployed in an environment with internal endpoints. The README/SKILL.md also advertises an external demo URL (http://107.172.78.150:8000); while the code does not auto-exfiltrate images to that host, pointing users to a hosted demo may encourage sending images to a third party.
Install Mechanism
note: No explicit install spec in registry (instruction-only), but the repository includes Python code and a requirements.txt; SKILL.md instructs 'pip install -r requirements.txt'. Dependencies are standard PyPI packages (google-genai, fastapi, etc.) and there are no opaque downloads — this is moderate risk and typical for Python skills.
Credentials
concern: The only needed secret is GEMINI_API_KEY (declared in SKILL.md and used throughout config.py and client creation). That is proportionate to the stated purpose. The concern is that the registry entry omitted the env requirement, which is an actionable mismatch that could cause accidental misconfiguration or leaking of the key to an external demo if users use the hosted service instead of running locally.
Persistence & Privilege
ok: The skill does not request always:true, does not modify other skills or system-wide settings, and only needs the Gemini API key for outbound API calls. Autonomous invocation is allowed (platform default) but not combined with other high privileges.