Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Canvas Workspace
v1.4.4 · Canvas workspace operation capabilities. Activated when images need to be generated or edited, pushed to the canvas, or when user canvas markers need to be processed. Includes: (1) Qwen image generation/editing example scripts (text-to-image and image editing kept separate, as a copyable MVP template), (2) a canvas operation API (push images, view status, batch-inject images), (3) a canvas image protocol (the JSON ... produced after the user marks/selects an image...
⭐ 0 · 67 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
Name/description, included Python scripts, and SKILL.md consistently implement image generation, editing, pushing to a local canvas and parsing canvas marker JSON. Required binaries (python3, npx) are reasonable. Minor inconsistency: registry metadata declares only QWEN_TEXT_IMAGE_API_KEY as required, but the docs and scripts clearly use additional env vars (QWEN_EDIT_IMAGE_API_KEY, GEMINI_* and CANVAS_SERVER). This mismatch is surprising but explainable (Qwen is primary, others optional).
Instruction Scope
SKILL.md mandates steps that go beyond a simple helper: run `npx deepminer-claw-canvas@latest` (dynamic remote package execution), ask the user for multiple provider API keys, and instruct the user to set those keys as permanent system environment variables. Scripts will download arbitrary images/marker JSON from URLs and may read local marker JSON files. Those actions are coherent with the canvas use case but the requirement to make keys permanent and to run a network-fetched npm package increases the attack surface.
Install Mechanism
There is no formal install spec, but the activation flow requires running `npx deepminer-claw-canvas@latest`. Running `npx` against an `@latest` tag fetches and executes code from the npm registry at runtime, and the package is not an otherwise known or verified one. That is convenient but riskier than running only the included local scripts. The included Python scripts themselves are plain, but the runtime instruction to run an external npm package should be reviewed (verify the package source and contents) before running.
Credentials
Metadata lists a single required env var (QWEN_TEXT_IMAGE_API_KEY) while SKILL.md instructs the user to set multiple permanent environment variables (QWEN_TEXT_IMAGE_MODEL, QWEN_EDIT_IMAGE_API_KEY, GEMINI_* variants, QWEN_BASE_URL, CANVAS_SERVER). Requiring permanent, system-wide API keys is more intrusive than necessary for many one-off tasks; the skill also defaults GEMINI_BASE_URL to a third-party host (https://api.mmw.ink) which may be unexpected. Requesting API keys for remote model providers is expected for this functionality, but the permanence and breadth of env changes is disproportionate and should be handled with caution (ephemeral or per-process envs are safer).
Persistence & Privilege
The skill does not set always:true and does not modify other skills, but it explicitly instructs users to set permanent environment variables and to run a long-running local service via npx. That gives lasting system presence (environment variables + a local server) that increases blast radius if keys are leaked or the npx package is malicious. This is a normal design for a local canvas app but should be noted as a privilege request.
What to consider before installing
Before installing/running this skill:
(1) verify the npm package 'deepminer-claw-canvas' source and consider inspecting its code (npx will fetch and execute it);
(2) avoid writing API keys permanently to system-wide env vars if possible — prefer exporting them in the current shell or using ephemeral tokens;
(3) confirm the GEMINI_BASE_URL and other default endpoints (api.mmw.ink, dashscope.aliyuncs.com) are acceptable to you;
(4) review or run the included Python scripts in an isolated environment (container/VM) first — they will download arbitrary image URLs and may fetch data from external model APIs;
(5) if you must provide provider API keys, consider creating limited-scope or expendable keys and restrict network access where feasible.
These steps will reduce risk from running a remotely-fetched npm package and from permanently exposing credentials.
latest · vk97bgst9qecapsf7wtk7gazk51844xgs
Runtime requirements
🎨 Clawdis
Bins: python3, npx
Env: QWEN_TEXT_IMAGE_API_KEY
Primary env: QWEN_TEXT_IMAGE_API_KEY
