Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

appearance score

v1.0.0

Multi-face appearance / attractiveness scoring: POST multipart image to Synerunify predict API. Apply when the user asks in English (e.g. face attractiveness...

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for qiushosens/appearance-score.

Install the skill "appearance score" (qiushosens/appearance-score) from ClawHub.
Skill page: https://clawhub.ai/qiushosens/appearance-score
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install appearance-score

ClawHub CLI

npx clawhub@latest install appearance-score

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The skill's name/description and SKILL.md align: it uploads images to https://synerunify.com/api/process/appearance/predict and returns face scores. However, there is no source/homepage, no operator information, and no declared authentication — the absence of provenance for the remote service is notable.
Instruction Scope
Instructions tell the agent to upload user images (face photos) to a remote API and parse responses. They do not require or recommend obtaining explicit user consent, warn about sending potentially sensitive biometric data, or describe how the remote service stores/uses images. Transmitting identifiable face images to an unknown third party without these safeguards is a privacy and policy risk.
Install Mechanism
No install spec or code files — instruction-only skill. No binaries or downloads are requested, so nothing is written to disk by the skill itself.
Credentials
No environment variables, credentials, or config paths are requested, which is proportionate to the described anonymous API usage. That said, the lack of required auth means images are sent to an apparently unauthenticated endpoint — this may be by design but increases uncertainty about who receives/stores the data.
Persistence & Privilege
The skill is not always-enabled and does not request elevated agent privileges or modify other skills. It can be invoked by the agent normally; that autonomous ability is standard and not by itself a concern.
What to consider before installing
This skill will send user photos (faces) to https://synerunify.com for attractiveness scoring. Before installing or using it, consider: (1) privacy — you may be sending biometric/identifiable data to an unknown third party; verify the service operator, privacy policy, and data retention practices; (2) consent — ensure you have explicit permission from every person in a photo (and avoid minors); (3) legal/compliance — biometric data may be regulated in your jurisdiction; (4) test with non-sensitive images first and confirm TLS/certificate validity; (5) if you need stronger guarantees, prefer a local model or a well-documented vendor that requires credentials and provides data-use controls. If you cannot verify the remote service or you need to protect sensitive images, do not use this skill.

Like a lobster shell, security has layers — review code before you run it.

latest vk971yw6q4agtc7n6y5ss7ats1x83m3wf
100 downloads
0 stars
1 version
Updated 1mo ago
v1.0.0
MIT-0

Appearance scoring (predict)

Endpoint

  • Method: POST
  • URL: https://synerunify.com/api/process/appearance/predict
  • Content-Type: multipart/form-data
  • Field: image (required; image file; use a real image MIME such as image/jpeg)
  • Query: Omit; server defaults apply.

Response JSON

Top level:

  • code: 200 means success
  • message: human-readable status text
  • data: present on success; may be incomplete on failure

Inside data:

  • count: number of scored faces
  • size: { "width", "height" } of the original image in pixels
  • faces: array of items with:
    • region: { x1, y1, x2, y2, width, height } in original-image pixels
    • score: float; you may round for display

On errors or no faces, read message; data.faces may be empty.

Examples

curl

curl -sS -X POST "https://synerunify.com/api/process/appearance/predict" \
  -F "image=@/path/to/photo.jpg"

Python

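import requests

url = "https://synerunify.com/api/process/appearance/predict"
# Upload via the multipart field "image" only; requests verifies the TLS certificate by default.
with open("photo.jpg", "rb") as fh:
    r = requests.post(url, files={"image": ("photo.jpg", fh, "image/jpeg")}, timeout=120)
try:
    payload = r.json()
except ValueError:
    payload = {}  # non-JSON body (e.g. an HTML error page)
# Agent rule 3: surface the HTTP status and message together on failure.
if not r.ok or payload.get("code") != 200:
    raise RuntimeError(f"HTTP {r.status_code}: {payload.get('message', 'API error')}")
# data.faces may be missing or empty when no faces are found.
faces = (payload.get("data") or {}).get("faces") or []
# Agent rule 2: report scores left-to-right by region.x1.
scores = [round(face["score"]) for face in sorted(faces, key=lambda x: x["region"]["x1"])]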

Agent rules

  1. Upload only via multipart field image; do not append query params; do not switch to JSON/Base64 unless the API docs explicitly say so.
  2. When multiple faces are present, sort by region.x1 (left-to-right) before reporting scores.
  3. On failure, surface message and the HTTP status first.
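
The response format and agent rule 2 above, as an added example (not part of the skill's SKILL.md or the service's own code): a strict validator that treats the third-party response as untrusted input before any score is reported. `parse_predict_response`, `_num` and `SAMPLE_OK` are names chosen here, the sample payload is constructed, and the count and bounds checks are assumptions about the service.

```python
import math

def _num(v):
    """True for a finite int/float (bool excluded)."""
    return isinstance(v, (int, float)) and not isinstance(v, bool) and math.isfinite(v)

def parse_predict_response(payload):
    """Validate a decoded response; return [(x1, score), ...] sorted left-to-right."""
    if not isinstance(payload, dict):
        raise ValueError("response is not a JSON object")
    if payload.get("code") != 200:
        # Documented failure path: data may be incomplete, so only message is read.
        raise ValueError(f"API error: {payload.get('message', 'no message')}")
    data = payload.get("data")
    if not isinstance(data, dict):
        raise ValueError("success response without a data object")
    size = data.get("size")
    if not isinstance(size, dict) or not all(_num(size.get(k)) and size[k] > 0 for k in ("width", "height")):
        raise ValueError("data.size must hold positive width and height")
    faces = data.get("faces")
    if not isinstance(faces, list) or data.get("count") != len(faces):
        # Assumption: count equals len(faces); the page only says "number of scored faces".
        raise ValueError("data.faces missing or inconsistent with data.count")
    results = []
    for i, face in enumerate(faces):
        region = face.get("region") if isinstance(face, dict) else None
        if not isinstance(region, dict) or not _num(face.get("score")):
            raise ValueError(f"faces[{i}] lacks a region or a finite score")
        box = [region.get(k) for k in ("x1", "y1", "x2", "y2")]
        if not all(_num(v) for v in box):
            raise ValueError(f"faces[{i}].region has non-numeric corners")
        x1, y1, x2, y2 = box
        # Assumption: boxes lie fully inside the image described by data.size.
        if not (0 <= x1 < x2 <= size["width"] and 0 <= y1 < y2 <= size["height"]):
            raise ValueError(f"faces[{i}].region falls outside the image")
        results.append((x1, float(face["score"])))
    return sorted(results, key=lambda r: r[0])

# Constructed sample response (not captured from the real service).
SAMPLE_OK = {"code": 200, "message": "ok", "data": {
    "count": 2, "size": {"width": 800, "height": 600},
    "faces": [
        {"region": {"x1": 420, "y1": 90, "x2": 560, "y2": 260, "width": 140, "height": 170}, "score": 71.4},
        {"region": {"x1": 100, "y1": 80, "x2": 240, "y2": 250, "width": 140, "height": 170}, "score": 63.9},
    ]}}

if __name__ == "__main__":
    print(parse_predict_response(SAMPLE_OK))
```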
