Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

visual-grounding

v1.0.0

Use GLM-4.7V's multimodal grounding capability to detect and locate objects/text in images. Activate when user asks to find, locate, detect, or ground specif...

by Ji Qi (@qijimrc)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes grounding via an HTTP model API and visualization helpers — consistent with the skill name. However the doc references helper modules (interface_http, utils_boxes) that are not included in the package and references an internal config path (/root/.openclaw/agents/main/agent/models.json). The registry metadata declares no env vars or binaries required, but the instructions explicitly tell callers to set NO_PROXY and to contact an internal model host (e.g., 172.20.112.202). These are plausible for a local-model grounding skill but are not declared in metadata.
Instruction Scope
Instructions tell the agent to set NO_PROXY and call an internal HTTP model endpoint and to parse model responses for bounding boxes — behavior expected for grounding. However the SKILL.md also describes parsing/expanding truncated replies and contains obfuscation/prompt-injection signals (base64-block, unicode-control-chars). The document does not instruct arbitrary file reads, but it references internal config paths and helper modules not supplied, and the included guidance could be used to coax the agent to access internal resources. That ambiguity is concerning.
Install Mechanism
No install spec and no code files (instruction-only) — lowest-risk distribution. Nothing in the package will be written to disk by an installer step.
Credentials
The skill declares no required credentials, which matches a local-model grounding use, but the SKILL.md instructs setting NO_PROXY to bypass proxies and contains examples with an internal IP. The package also contains a large session log (ssssss.json) that exposes a tool/system prompt and an Authorization header string (Bearer idonthaveakey). Including such an internal transcript in the skill bundle is unexpected and could leak sensitive run-time details or be used to manipulate behavior; this is disproportionate for a simple grounding skill.
Persistence & Privilege
always is false and there are no install hooks or instructions to modify other skills or global agent settings. The skill does not request persistent/autonomous privileges beyond normal invocation.
Scan Findings in Context
[base64-block] unexpected: A base64 block pattern was detected in SKILL.md; a grounding/integration doc normally doesn't need encoded payloads. This can indicate obfuscated content or prompt-injection attempts and should be inspected.
[unicode-control-chars] unexpected: Unicode control characters were detected in SKILL.md. These are often used to try to hide or manipulate text rendering (prompt injection). Not expected for a straightforward grounding instruction file.
What to consider before installing
Do not install blindly. Steps to take before proceeding:
- Verify the skill author/source; this package contains an oversized session log (ssssss.json) that is unnecessary for a grounding helper — inspect or remove it.
- Open SKILL.md and search for any base64 or invisible/unicode-control characters; if present, ask the author to explain them or provide a clean copy.
- Confirm the helper modules referenced (interface_http, utils_boxes) actually exist in the agent environment; the skill provides no implementation files.
- Be cautious setting NO_PROXY or pointing to internal IPs; avoid exposing network services or credentials. If you must test, run in an isolated/sandbox agent and do not provide sensitive credentials.
- If you plan to use an internal model endpoint, verify that models.json and endpoint addresses come from a trusted admin and that no secrets are embedded in skill files.
- If anything remains unclear (why the session log is included, what the obfuscated content is), contact the skill maintainer and request a minimal, clean SKILL.md and the missing helper modules before use.
