Skill v0.0.1

ClawScan security

Alibabacloud Bailian Voice Creator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Apr 30, 2026, 2:02 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill implements ASR/TTS as claimed but includes code that reads/writes your Alibaba CLI config and can invoke the local 'aliyun' CLI to create API keys — behavior that is not declared in the skill metadata and is broader than a simple TTS/ASR integration.
Guidance
This skill's functionality (ASR/TTS) is plausible, but exercise caution before installing: it will try to read and write your Alibaba CLI config (~/.aliyun/config.json), invoke the local 'aliyun' CLI (and attempt to install a plugin), and can auto-create DashScope API keys using your configured Alibaba credentials. These behaviors require access to your cloud account credentials and modify local configuration but are not declared in the skill metadata. If you plan to use it, consider: 1) only run it in an environment where you control the Alibaba credentials (or use a least-privilege RAM user), 2) set DASHSCOPE_API_KEY explicitly in the environment instead of allowing auto-creation, 3) review and back up ~/.aliyun/config.json before use, and 4) be prepared that pip installs (dashscope) and 'aliyun' subprocesses may be executed. If you cannot accept the skill modifying local config or creating API keys on your behalf, do not install.

Review Dimensions

Purpose & Capability
concern
Name/description state ASR/TTS. The included Python code implements that, but the skill metadata declares no required env vars, binaries, or config paths while the code actually expects DASHSCOPE_API_KEY, may read/write ~/.aliyun/config.json, and can call the local 'aliyun' CLI (including auto-installing a plugin). Those OS-level interactions (CLI subprocesses and modifying ~/.aliyun/config.json) are not reflected in the declared requirements and are disproportionate to a minimal TTS/ASR client.
Instruction Scope
concern
SKILL.md requires using the provided get_api_key() function or DASHSCOPE_API_KEY and forbids fallback services, which matches the code. However the runtime instructions and code direct the agent to: read ~/.aliyun/config.json, use environment credentials, auto-create API keys via 'aliyun modelstudio create-api-key', and auto-install a plugin via 'aliyun plugin install'. Those steps access system state and credentials beyond simple API calls and expand the agent's scope to credential provisioning and local config modification.
Install Mechanism
note
There is no formal install spec (instruction-only), but scripts include requirements.txt and SKILL.md notes to pip install dashscope if missing. No remote arbitrary downloads or obscure URLs are used. The risk is that the agent may run pip (network install) and invoke system 'aliyun' commands as subprocesses; this is expected for this integration but should be acknowledged.
Credentials
concern
The skill metadata states no required env vars, yet code reads DASHSCOPE_API_KEY and will fall back to Alibaba CLI-managed keys. The api_key module can auto-create an API key using the user's configured Alibaba CLI credentials (AK/SK), and writes the new DashScope api_key into ~/.aliyun/config.json. Requesting the ability to create and persist cloud API keys and to access existing CLI credentials is high privilege relative to a simple TTS/ASR skill and is not documented in the registry metadata.
Persistence & Privilege
concern
The skill modifies the user's Alibaba CLI config file (~/.aliyun/config.json) to store created API keys and will run local 'aliyun' CLI commands (including plugin installation). Although 'always' is false and the skill is not force-enabled, modifying a user's CLI configuration and creating cloud API keys is a persistent, elevated action that affects system state and cloud account credentials.