Skill v1.0.1

ClawScan security

TencentCloud Video Face Fusion · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 9, 2026, 1:16 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code matches its face‑fusion purpose, but the package metadata omits required credentials and the runtime instructions force the agent to autonomously execute scripts (including automatic pip installs) without user confirmation — these mismatches and the zero‑interaction requirement raise concerns.
Guidance
Before installing or enabling this skill: (1) Recognize it requires Tencent Cloud API keys — do not provide high‑privilege account keys; create and use credentials with minimal scope and set them only when you intend to run the skill. (2) The skill's registry metadata does not declare those env vars — ask the publisher to correct the metadata to make the credential requirement explicit. (3) The scripts auto-install a PyPI package at runtime; run the skill only in an environment you trust (or sandbox) and inspect the code yourself. (4) The SKILL.md forces the agent to run scripts without asking users — if you want manual consent, modify the instructions or avoid enabling autonomous invocation for this skill. (5) If unsure, run the included scripts locally in an isolated VM/container with test keys before granting broader access.

Review Dimensions

Purpose & Capability
note: The Python scripts implement Tencent Cloud Video Face Fusion and legitimately need Tencent Cloud API credentials and the Tencent SDK; functionally the code aligns with the described purpose. However, the registry metadata lists no required environment variables or primary credential even though SKILL.md and the scripts require TENCENTCLOUD_SECRET_ID and TENCENTCLOUD_SECRET_KEY — this metadata omission is an incoherence that reduces transparency.
Instruction Scope
concern: SKILL.md explicitly instructs the agent that it 'must' execute the provided scripts without asking the user (zero‑interaction principle). It also tells the agent not to install dependencies manually because the scripts will auto-install them. That grants the skill broad runtime autonomy to run code and perform network installs whenever the agent considers the trigger matched, which could lead to surprising execution.
Install Mechanism
note: There is no formal install spec, but each script will auto-install the tencentcloud-sdk-python package at runtime by calling pip install through subprocess.check_call. Auto-installing a package from PyPI at runtime is expected for this SDK but increases runtime network activity and means code will modify the environment when executed.
Credentials
concern: The scripts require Tencent Cloud credentials via environment variables (TENCENTCLOUD_SECRET_ID, TENCENTCLOUD_SECRET_KEY, optional TENCENTCLOUD_TOKEN), which are proportionate to the API calls. However, the skill registry metadata did not declare these required env vars or a primary credential, which is inconsistent and makes it harder for users to notice the credential requirement before install.
Persistence & Privilege
concern: The skill is not always-enabled and does not request persistent system changes, which is good. But the SKILL.md's enforced zero-interaction execution combined with the platform's normal autonomous invocation behavior increases the blast radius: the agent is instructed to run external scripts and perform network installs without asking the user. This combination (autonomous invocation + explicit 'must execute' policy in SKILL.md) is a risk factor.