Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Claw Vision
v1.0.0 · Analyze local images including screenshots, receipts, and documents to extract structured text, UI elements, and provide content summaries with confidence le...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The declared purpose (analyze local images) matches the instruction to run a local vision tool. However, the skill depends on a hardcoded user-local script path (~/Documents/OpenClaw/workspace/scripts/vision-tool.py) and references the NUWA/Gemini API without declaring how authentication should be provided. Requiring an arbitrary local script at that path is unusual and not justified in the SKILL.md.
Instruction Scope
SKILL.md instructs the agent to run a user-local Python script with an arbitrary image path and prompt. Because the script is not included, its behavior is unknown — it could read any files under the user's home, access network endpoints, or perform other actions. The instructions do not place limits on what the script may do or where credentials come from.
Install Mechanism
There is no install spec and no code files in the skill bundle (instruction-only), which minimizes risk from untrusted downloads. However, the lack of an included script means the agent will rely on an external file that cannot be analyzed.
Credentials
The SKILL.md references NUWA Flux / gemini-3.1-pro-preview but declares no required environment variables or primary credential. It's unclear how the vision-tool.py authenticates to the external API (missing API key/env guidance). This mismatch is a red flag: either credentials are expected to exist elsewhere on the system or the script will prompt/handle them — both are security-relevant behaviors that should be declared.
Persistence & Privilege
The skill does not request persistent or always-on privileges (always:false). Nevertheless, it instructs execution of a local script which can run arbitrary code when invoked; that is a runtime privilege but not a declared persistent capability. No modifications to other skills or system-wide settings are specified.
Scan Findings in Context
[NO_CODE_FILES_PRESENT] expected: The static scanner found no code files — this is expected because the skill is instruction-only. However, the runtime depends on an external local script (vision-tool.py) that was not included, so the scanner could not analyze the actual code that will run.
What to consider before installing
Do not run or give this skill access until you verify the helper script. Ask the author to provide the vision-tool.py source or bundle it with the skill so it can be reviewed. Confirm how NUWA/Gemini credentials are stored and ensure they are not hardcoded in an opaque script. If you must test, inspect the script manually or run it inside a restricted sandbox (container) to prevent unintended file access or network exfiltration. Prefer skills that declare required env vars and include or link to verifiable code or an install step from a trusted release URL.
