ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ntriq X402 Alt Text Batch

v1.0.0

Batch-generate WCAG-compliant alt text for up to 500 images in one call. Flat $3.00 USDC via x402.

0· 42·1 current·1 all-time
byntriq@ntriq-gh
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (batch alt-text up to 500 images) align with the runtime instructions which call a remote API. However the SKILL.md also claims "100% local inference on Mac Mini," which contradicts the explicit POST to https://x402.ntriq.co.kr/alt-text-batch and payment flow — that's inconsistent.
!
Instruction Scope
The instructions require POSTing image URLs and an X-PAYMENT header to a third-party endpoint. That means image locations (and possibly image content if the service fetches them) and payment metadata will be transmitted externally. There are no instructions about how to build X-PAYMENT, how long it lives, or how to protect payment credentials. The SKILL.md does not instruct the agent to read local files or other system secrets, which is good, but it also lacks guidance about sensitive images or privacy.
Install Mechanism
Instruction-only skill with no install spec or downloaded code — lowest install risk.
!
Credentials
The service requires an X-PAYMENT header for a paid call, but the skill declares no required environment variables or primary credential. That mismatch is notable: a payment or signing secret is presumably necessary to call the API, yet the skill doesn't declare how that secret should be supplied or stored. No other unrelated credentials are requested.
Persistence & Privilege
always is false and the skill doesn't request persistent system privileges or modify other skills. Autonomous invocation is allowed (platform default) but not combined with other high privileges.
What to consider before installing
Before installing or using this skill: (1) Clarify the apparent contradictions — ask the author whether inference is local or remote and how X-PAYMENT is generated and stored. (2) Treat image URLs and resulting uploads as potentially sensitive: do not send private or PII-containing images until you confirm the service's privacy policy and retention practices. (3) Request documentation or an SDK/example showing how to produce X-PAYMENT safely (ideally via a short-lived token or an env var the skill declares). (4) Test with a small non-sensitive dataset and confirm exact network behavior (does the endpoint fetch the images, or do you need to upload image bytes?). (5) If you require stronger guarantees, prefer a skill that documents authentication (explicit env var names) and does not claim contradictory execution modes (local vs remote).

Like a lobster shell, security has layers — review code before you run it.

latestvk97a6x3m27gcn7hmnfh9hkv7ah84tk07
42downloads
0stars
1versions
Updated 6d ago
v1.0.0
MIT-0
ntriq@ntriq-gh
latest
Download

Alt Text Batch (x402)

Generate WCAG-compliant alt text and descriptions for up to 500 images in a single call. Flat $3.00 USDC — no per-image overhead. 100% local inference on Mac Mini.

How to Call

POST https://x402.ntriq.co.kr/alt-text-batch
Content-Type: application/json
X-PAYMENT: <x402-payment-header>

{
  "images": [
    "https://example.com/product1.jpg",
    "https://example.com/product2.jpg"
  ],
  "context": "e-commerce product catalog",
  "max_length": 125
}

Parameters

ParameterTypeRequiredDescription
imagesarrayImage URLs (max 500)
contextstringShared context for all images
max_lengthintegerMax chars per alt_text (default: 125)
languagestringOutput language (default: en)

Example Response

{
  "status": "ok",
  "count": 2,
  "results": [
    {
      "image_url": "https://example.com/product1.jpg",
      "status": "ok",
      "alt_text": "Red leather office chair with adjustable armrests",
      "description": "A high-back executive office chair in red genuine leather with lumbar support."
    },
    {
      "image_url": "https://example.com/product2.jpg",
      "status": "ok",
      "alt_text": "Blue standing desk with cable management tray",
      "description": "An electric height-adjustable standing desk in matte blue finish."
    }
  ]
}

Payment

  • Price: $3.00 USDC flat (up to 500 images)
  • Network: Base mainnet (EIP-3009 gasless)
  • Protocol: x402
curl https://x402.ntriq.co.kr/services

Comments

Loading comments...