Back to skill
Skillv1.0.0
ClawScan security
image-reader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 15, 2026, 7:28 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and configuration are consistent with an image-recognition skill that sends base64-encoded images to a third-party OpenAI-compatible API; nothing in the package appears intentionally malicious, but it will transmit user images (and requires an API key) so treat sensitive images cautiously.
- Guidance
- This skill will upload the full image you provide (encoded as base64) to the API endpoint configured in config.yaml (default: https://ark.cn-beijing.volces.com/api/coding/v3). Before installing or using it: 1) Do not send sensitive images (passwords, government IDs, medical records, proprietary screenshots) unless you trust the remote provider and its privacy policy. 2) Store your API key securely (preferably not committed in plaintext config files); consider using an env var or secret manager and modifying the script to read it from there. 3) Verify the API endpoint and provider (ark.cn-beijing.volces.com / volces.com) and confirm you are comfortable with their data handling. 4) Note the script uses a very large max_tokens value (64000) — this may be unsupported or cause unexpected behavior/billing; consider lowering it. If you want higher confidence, ask the publisher for provenance (homepage, organization), a privacy statement, and explicit guidance on API key handling.
- Findings
[no_findings] expected: Static scan reported no regex findings. The visible code performs expected network calls to the configured API endpoint to send base64-encoded images and does not show obfuscated or suspicious constructs.
Review Dimensions
- Purpose & Capability
- okName, description, SKILL.md, config.yaml, README, and image_reader.py all align: the skill encodes images and calls an OpenAI-compatible multimodal model endpoint to perform OCR/description.
- Instruction Scope
- noteRuntime instructions and the script only read the included config.yaml and the image file, then send the image (base64 data URI) to the configured API endpoint. This is within scope for an image-analysis tool, but it means user images (potentially sensitive) are uploaded to a remote service; SKILL.md does not warn about privacy/PII implications.
- Install Mechanism
- okNo install spec is provided (instruction-only plus a Python script). Dependencies are limited to openai and pyyaml as declared. No arbitrary downloads or extract operations are present.
- Credentials
- noteNo environment variables are required, but an API key is expected in config.yaml. Storing an API key in a plaintext config file is functional but may be undesirable; README's claim that "default configuration is built in and can be used directly" is ambiguous and could encourage accidental use of embedded credentials if present.
- Persistence & Privilege
- okThe skill is user-invocable, not always-enabled, and does not request elevated system privileges or modify other skill configs. It does not persist beyond its files.