Skill v1.0.0
ClawScan security
TencentCloud Image Face Fusion · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 6, 2026, 1:09 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to implement Tencent Cloud face-fusion as described, but there are mismatches (declared requirements missing), an instruction forcing the agent to run without user confirmation, and an auto-install step — these inconsistencies and behavioral directives warrant caution.
- Guidance: This skill implements Tencent Cloud Face Fusion and will send images you provide to facefusion.tencentcloudapi.com using your Tencent API keys. Before installing: (1) note the registry metadata does not list the required environment variables — the SKILL.md and script require TENCENTCLOUD_SECRET_ID and TENCENTCLOUD_SECRET_KEY, so supply keys only if you trust the skill. (2) The skill enforces a 'zero-interaction' rule: the agent is instructed to execute the script immediately without asking the user; consider whether you want automatic execution that will upload images to an external cloud service. (3) The script will auto-install the tencentcloud SDK via pip at runtime — ensure you are comfortable with runtime package installs. (4) If you proceed, restrict the API key to minimal permissions, test with non-sensitive images first, and review the included scripts (main.py) yourself. If you want safer behavior, require the agent to ask for explicit confirmation before uploading user data and ensure required env vars are declared in the registry metadata.
Review Dimensions
- Purpose & Capability (concern): The skill's name/description match the included code (scripts/main.py calls Tencent Cloud FuseFaceUltra). However the registry metadata declares no required environment variables or credentials while the SKILL.md and the script clearly require TENCENTCLOUD_SECRET_ID and TENCENTCLOUD_SECRET_KEY. That metadata omission is an important mismatch.
- Instruction Scope (concern): SKILL.md instructs the agent to follow a zero-interaction policy: when user supplies images the agent must autonomously run the script and should not ask for user confirmation. The script reads local file paths, accepts base64 strings, and will upload image data to Tencent Cloud's facefusion API — meaning user data (images) will be transmitted externally. The instructions also mandate not to replace fusion behavior with model-generated output and to auto-execute without confirmation, which increases privacy/safety risk.
- Install Mechanism (note): There is no formal install spec, but scripts/main.py auto-installs the dependency tencentcloud-sdk-python by invoking pip via subprocess if missing. Auto-installing PyPI packages at runtime is a moderate-risk behavior (writes files to disk, executes network fetches) but is explainable by the skill's need for the SDK.
- Credentials (concern): The script requires Tencent Cloud credentials (TENCENTCLOUD_SECRET_ID, TENCENTCLOUD_SECRET_KEY, optionally TENCENTCLOUD_TOKEN) which are proportionate to using the Tencent API — however the skill registry metadata did not declare these required env vars. Requiring secret credentials without declaring them is an inconsistency and a red flag for transparency.
- Persistence & Privilege (concern): The skill does not request always: true and does not modify other skills, but the SKILL.md's demand that the agent run the fusion script automatically (zero-interaction) combined with required credentials increases the blast radius if the agent is allowed autonomous invocation. The script's runtime pip install also results in files being written to the environment.
