ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Large Model Visual Question Answering Skill | 大模型视觉问答技能

v1.0.0

Conducts open-ended Q&A on image content based on computer vision and large language models, supporting any questions to receive natural language responses....

0· 22·0 current·0 all-time
by生命涌现@raymond758
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (visual question answering) aligns with the included scripts (visual_qa_analysis.py, face_analysis, smyx_common). However the bundle includes a large common library (smyx_common) and a separate face_analysis skill set — more capability than a minimal VQA tool. That extra functionality (local DAOs, many API endpoints and export URLs) is plausible for a production VQA product but is heavier than the SKILL.md's declared dependencies (only requests>=2.28.0).
!
Instruction Scope
SKILL.md explicitly forbids reading local memory files and LanceDB and mandates fetching history only from a cloud API, yet the codebase contains local persistence components (SQLite DAO, get_db_path writing under workspace/data, many filesystem reads) and BaseEnum/config loading which reads config.yaml files. The runtime instructions direct running scripts that will import modules which read config files, environment variables, and may create a local DB and files — behavior that contradicts the stated absolute prohibition on local-memory access.
Install Mechanism
There is no install spec (instruction-only), which reduces install-time risk. But the repository contains multiple requirements files (skills/smyx_common/requirements.txt and others) listing a very large dependency set. The SKILL.md lists only requests>=2.28.0 — that's inconsistent. If a user were to run or install this skill, they may need to install many packages not declared in the metadata.
!
Credentials
Registry metadata declares no required env vars, but the code reads multiple environment/config sources: OPENCLAW_WORKSPACE, OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, FEISHU_OPEN_ID and several config.yaml files under skills/smyx_common and skills/face_analysis. The SKILL.md also requires obtaining an 'open-id' (which may be a username or phone) via config files or user prompt. Requesting/reading these env vars and local config files is disproportionate to a minimal VQA helper and is not declared in the skill metadata.
!
Persistence & Privilege
The code will create/read local artifacts: it constructs a SQLite DB under the workspace 'data' directory (smyx-common-claw.db) and expects/loads config.yaml files. Although the skill is not 'always: true', it still persists data to disk and can read environment/workspace configuration. That persistence and local DB creation is a non-trivial privilege not called out in the SKILL.md restrictions.
What to consider before installing
This package appears to implement visual question answering but includes extra libraries and behaviors that are not declared in the metadata or SKILL.md. Before installing or running: - Inspect the network endpoints and default config (skills/smyx_common/scripts/config.yaml and config-prod/dev/test) — the default base URLs point to lifeemergence/open API domains; confirm you trust those services. - Expect the code to read environment variables (OPENCLAW_WORKSPACE, OPENCLAW_SENDER_OPEN_ID, etc.) and to create a local SQLite DB under the workspace/data directory (smyx-common-claw.db). If you don't want local persistence, do not run it on sensitive machines. - The SKILL.md requires an 'open-id' (username/phone) to be provided; avoid entering sensitive personal identifiers until you confirm the backend and privacy policy. - The repository includes large requirement lists (smyx_common) not declared in metadata; review skills/smyx_common/scripts/util.py and RequestUtil.http_post to find where and what data is transmitted. - If you need only simple VQA behavior, consider a smaller, self-contained skill or run the scripts in an isolated environment (container or VM) and monitor outbound network calls. If you can provide the contents of skills/smyx_common/scripts/util.py (RequestUtil) and the effective config.yaml values you will use, I can give a higher-confidence assessment and point out exactly what data would be sent to which endpoints.
!
skills/smyx_common/scripts/config-dev.yaml:2
Install source points to URL shortener or raw IP.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk977181yv4zywasqd565c22q6x845m81

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments