v1.0.7

openlens-skill

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 6:22 AM.

Analysis

This appears to be a functional media-generation skill, but it needs review because it ships a plaintext API key and explicitly advertises bypassing content-safety filtering.

Guidance: Review before installing. Do not use the package until the bundled API key is removed and rotated, credentials are clearly declared, and you are comfortable with the unfiltered generation behavior. If you proceed, use a virtual environment, trusted API endpoints, your own scoped keys, and explicit confirmation before uploading private media.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
It bypasses content filtering restrictions ... Pure pass-through: no content filtering, no safety middleware

The skill explicitly advertises bypassing safety controls for AI generation rather than merely describing a normal provider integration.

User impact: An agent or user could generate content that normal provider or platform safeguards would block, creating policy, legal, or safety exposure.
Recommendation: Only use with trusted endpoints and explicit human approval; add content policy checks or moderation if the skill will be available to agents or other users.
Human-Agent Trust Exploitation
Severity: Medium | Confidence: High | Status: Concern
RELEASE-v1.0.7.md
**Configuration protection**: `config.json` added to `.gitignore` ... **Secret cleanup**: sensitive configuration completely removed from Git history

The release notes claim config and secret cleanup, but the submitted artifact set still includes config.json with a plaintext API key.

User impact: Users may over-trust the skill's secret-handling posture and install it without noticing exposed credentials.
Recommendation: Correct the release notes and documentation, remove secret-bearing files from distributed artifacts, and verify the published package before release.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
requirements.txt
streamlit>=1.28.0
requests>=2.31.0

Dependencies are specified as version ranges, so setup will resolve current packages from the package index rather than pinned, hash-verified artifacts.

User impact: This is common for small Python tools, but installs may change over time depending on package-index state.
Recommendation: Install in an isolated virtual environment and prefer pinned, reviewed dependency versions for production use.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
config.json
"video_api_key": "sk-px-97d6...[redacted]", "text_api_key": "sk-px-97d6...[redacted]"

The package ships a bearer-style provider API key in plaintext configuration, while the registry metadata says there is no primary credential.

User impact: Anyone receiving the skill package may obtain or misuse the bundled credential, and users may not realize credential handling is part of the skill.
Recommendation: Remove config.json from the package, rotate or revoke the exposed key, declare credential requirements, and use environment variables or a secret store instead of plaintext bundled secrets.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Note
skill_main.py
files["image"] = open(image_path, "rb") ... files["video"] = open(video_path, "rb") ... requests.post(url, headers=headers, data=data, files=files, timeout=60)

For image-to-video and video-to-video tasks, local media files are uploaded to the configured external API.

User impact: This is expected for the stated feature, but private images or videos could be sent to whatever endpoint is configured.
Recommendation: Use only trusted API endpoints, avoid sensitive local media unless necessary, and require user confirmation before uploading local files.