Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
moonshot skills
v1.0.0使用 () 大模型进行图像分析、OCR提取、文案创作和多模态对话的智能工具
⭐ 0· 89·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's stated purpose (image analysis, OCR, copywriting, multimodal chat) is coherent with the included client and CLI code. However many important identifiers are missing or left as placeholders (blank model names, blank env var names, class/function names replaced by empty identifiers). The README/SKILL.md refer to a 'platform' or 'moonshot' API, but config and code use incomplete URLs like "https://api." or "https://platform./". This mismatch makes the claimed capability inconsistent with the actual runnable code.
Instruction Scope
SKILL.md instructs obtaining an API key and saving it to an environment variable, but the env var name is blank throughout the docs and code (os.getenv("") patterns). The runtime instructions and examples assume a working remote API and an API key; they do not request unrelated system data, but the missing config placeholders give the agent broad discretion (it will try to read environment variables, .env files, and send base64-encoded image data to whatever base_url is configured). The instructions are thus incomplete and grant implicit network access without a clear, correct endpoint.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but the repository includes Python source and a requirements.txt. Dependencies are normal for this kind of tool (requests, pillow, python-dotenv, etc.). No downloads from arbitrary URLs or extract/install steps are present. The lack of an install manifest is a usability issue but not itself high risk.
Credentials
Registry metadata lists no required environment variables, yet the code clearly expects an API key from environment (via os.getenv with empty key) and supports BASE_URL and other env vars in docs. The env var names are blank everywhere (README, .env examples, client.py), so required secrets are unspecified and not declared. This mismatch is a red flag: the skill will attempt to use credentials but provides no clear, safe way to configure them and may be misconfigured to send sensitive data to an unintended endpoint if the base_url is changed.
Persistence & Privilege
The skill does not request persistent elevated privileges. always is false and autonomous invocation is allowed by default (expected). The code creates local output directories and writes files only for normal CLI operations; it does not modify other skills or system-wide agent configs. There is no evidence of hidden persistent services.
What to consider before installing
This package shows many placeholder values (blank env var names, incomplete URLs like "https://api.", missing class/enum identifiers) which make it nonfunctional and potentially dangerous if you try to configure it incorrectly. Before installing or using it: 1) Do not paste any real API keys into the provided .env until the developer clarifies the exact environment variable names and the official endpoint. 2) Verify and correct the base_url to a legitimate, documented API host (compare links in SKILL.md vs. config.json). 3) Inspect all code paths that send image data (client._make_request) and confirm they POST to the official service and not to any personal or malformed endpoint. 4) Run static checks (flake8/mypy) to surface truncated/malformed identifiers and ensure code compiles; treat many blank identifiers as a sign the source was redacted or corrupted. 5) Prefer running this in a sandbox/container and monitor outbound network requests to confirm the destination before using with sensitive images. If you cannot get a clear, consistent set of configuration names and a verified official API endpoint from the maintainer, avoid using the skill. Additional information that would raise confidence: corrected env var names, valid base_url and documentation links, and a release from a known homepage or repository.Like a lobster shell, security has layers — review code before you run it.
latestvk976356vntfzbz1mmv2ecqw9gs83jwcf
License
MIT-0
Free to use, modify, and redistribute. No attribution required.