Skill v1.0.0
ClawScan security
Baidu Image Classify · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Apr 11, 2026, 9:05 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's declared metadata and instructions are mostly coherent with an image-classification integration, but there are notable inconsistencies around credentials and provenance (a hard-coded API key present, SECRET_KEY left blank, and no declared env vars), so proceed with caution.
- Guidance: This skill appears to implement Baidu image-classification but has bookkeeping and credential problems you should resolve before trusting it. Specific recommendations:
  - Do not copy the hard-coded API_KEY from the SKILL.md into a running environment; treat it as potentially leaked and consider it invalid. Ask the publisher whether that key is legitimate and revoke it if it's yours.
  - The SKILL.md expects a SECRET_KEY but the skill metadata declares no required env vars. Require the publisher to declare required credentials (e.g., BAIDU_API_KEY and BAIDU_SECRET_KEY) and to load them from environment variables or a secure config, not by embedding them in the SKILL.md.
  - Verify the skill's publisher identity and source code. This skill is instruction-only and shows a local path (/Users/guojiaming/...), which leaks a developer username and suggests the author worked locally; ask for a repository or homepage for provenance.
  - Be aware that images (including potentially sensitive images) will be uploaded to Baidu endpoints. Confirm that you are comfortable with that data flow and check the privacy policy of the target service.
  - If you want to use this skill, request fixes: move credentials to declared env vars, remove hard-coded keys from SKILL.md, provide or reference the missing helper functions (get_access_token, encode_image), and add explicit guidance on error handling and rate-limiting. Reassess after these changes.

  I have medium confidence because the core functionality matches the description, but the credential handling and provenance issues are concrete inconsistencies that need clarification.
Review Dimensions
- Purpose & Capability (concern): The SKILL.md implements Baidu image-classification calls (object/product/scene) which matches the skill name/description. However the instructions embed an API_KEY literal and expect a SECRET_KEY for OAuth, yet the registry metadata declares no required environment variables or primary credential. That mismatch (credential use without declared env requirements) is disproportionate and incoherent.
- Instruction Scope (note): Instructions tell the agent to read local image files and download images from URLs (expected for this function). They also reference helper functions (get_access_token, encode_image) that are not defined, and include a hard-coded API_KEY string in the doc. The SKILL.md prints a local filesystem layout that reveals a developer username/path (/Users/guojiaming/...), which is unnecessary for operation and leaks provenance. There are no instructions to read unrelated system files, but the credential handling is underspecified and risky.
- Install Mechanism (ok): No install spec and no code files — instruction-only — so nothing is written to disk by an installer. This is the lowest-risk install mechanism.
- Credentials (concern): The runtime examples require OAuth client_id/client_secret (API_KEY/SECRET_KEY), but the skill metadata lists no required env vars or primary credential. A long API_KEY is hard-coded into SKILL.md while SECRET_KEY is left as '需要补充' ('needs filling'), which is inconsistent and suggests either leaked credentials or incomplete configuration guidance. The skill, as published, may cause users to paste secrets into code or agent environment without clear guidance.
- Persistence & Privilege (ok): always:false and no install actions; the skill does not request persistent system-wide privileges or modify other skills. Autonomous invocation is allowed (platform default) but is not combined with other high-risk flags here.
