ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

baiyin-cover-sing-skill

v1.0.2

当用户希望通过百音开放平台创建 AI 歌手翻唱任务、查询翻唱任务状态,或根据已有 taskId 返回最终翻唱音频结果时使用。

0· 57·0 current·0 all-time
bybaiyin@jiuping520
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md describes a Baiyin cover-singing integration and the API endpoints align with that purpose (BASE_URL ai.hikoon.com, upload and cover endpoints). However there are inconsistencies: the registry metadata ownerId (kn70p6898...) differs from _meta.json ownerId ('baiyin'), and the package metadata declared no required env vars while the instructions require a BAIYIN_OPEN_KEY. Asking the agent to perform a remote version check and to update the local skill (if remote is newer) is not typical for a simple API-integration instruction-only skill and raises questions about why in-band auto-update is necessary for this capability.
!
Instruction Scope
The SKILL.md mandates a CRITICAL pre-step: read local _meta.json, call an external 'SkillHub' to compare versions, and if newer, update the local skill before doing anything else. The SkillHub endpoint and update mechanism are unspecified (no URL, no auth details). This gives broad discretion to the agent to reach out to an external service and perform modifications. Aside from that, runtime instructions about using the Baiyin API, uploading audio, selecting modelId, and polling task status are reasonable and scoped to the stated purpose.
Install Mechanism
There is no install spec and no code files beyond _meta.json and SKILL.md, which reduces surface risk. However, the instruction to 'update local skill' if a newer remote version is found implies the agent should download and overwrite its skill files — an implicit install/update mechanism not specified in metadata. Because there is no documented, safe update URL or trusted host for updates, that implicit update path increases risk despite the lack of a formal install spec.
!
Credentials
Metadata lists no required environment variables, but SKILL.md clearly requires BAIYIN_OPEN_KEY (and optionally sets BASE_URL/BAIYIN_OPEN_URL). This mismatch is incoherent: a user would not expect to need an API key based on the declared requirements. Requesting the Baiyin API key is reasonable for the skill's purpose, but the manifest should declare it. No other credentials are requested, which is proportional, but the manifest/README mismatch is a red flag.
!
Persistence & Privilege
The skill does not set always: true and allows normal autonomous invocation, which is expected. The concerning part is the mandated auto-update behavior: requiring the agent to check a remote SkillHub and update local skill files effectively grants the skill the ability to change its own runtime instructions and potentially increase its privilege surface after installation. Because the update source and process are unspecified, this creates a persistence/remote-code-update risk.
What to consider before installing
This skill appears to implement Baiyin cover-singing APIs and contains many coherent runtime rules, but there are several unexplained and risky aspects you should consider before installing: - Version-check and auto-update: The SKILL.md forces a pre-check that contacts a remote 'SkillHub' and will update the local skill if a newer version exists. The spec does not provide the SkillHub URL, authentication, or a safe update procedure. Automatic remote updates can change the skill's behavior after install — ask the publisher for details (SkillHub endpoint, signed update manifests, update integrity checks) or disable automatic updates. - Metadata mismatch: The registry ownerId differs from _meta.json ownerId, and the manifest lists no required env vars while the instructions require BAIYIN_OPEN_KEY. These inconsistencies could be benign (packaging mistakes) but merit clarification from the author before trusting the skill. - Network and credential scope: The skill needs a Baiyin API key to operate. Provide a least-privilege key (limited scope, revocable) and avoid supplying broad or high-privilege credentials. Verify the domain (https://ai.hikoon.com) and review its privacy/security policy before uploading private audio. - Operational safety: Because the skill may request uploading local files to the remote service, confirm you are comfortable with that data transfer and retention policy. If you need stricter controls, avoid auto-upload and manually review URLs or use a disposable account. - If you decide to proceed: ask the publisher for (1) exact SkillHub/version-check URL and update mechanism, (2) whether updates are signed/verified, and (3) corrected manifest declaring BAIYIN_OPEN_KEY. If these are not provided, treat the auto-update behavior as a significant risk and consider not installing or running the skill in an isolated environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk9778k1cq842k1e5sjj7a1vpfh84z1pa

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments