ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Caption

Caption - command-line tool for everyday use

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 48 · 0 current installs · 0 all-time installs
byBytesAgain2@ckchzh
MIT-0
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (caption/caption-generator for images/social media/batch processing) matches the script's observable behavior (local content entries, logs, export/status commands that operate on ~/.local/share/caption). However there are discrepancies: SKILL.md documents commands like `caption run`, `caption list`, and `caption add` while the shipped script implements different commands (draft, edit, optimize, etc.). Registry version (1.0.2) does not match SKILL.md/script version (v2.0.0). These mismatches reduce confidence that the packaging accurately reflects runtime behavior.
!
Instruction Scope
SKILL.md instructs use of commands that do not appear in the script (e.g., `caption run`, `caption add`) so an agent following the SKILL.md may call commands that the script does not implement. The runtime script itself operates only on user-home paths (~/.local/share/caption) and does not reference external endpoints in the visible portion, but the mismatch between documentation and script is notable and could cause unexpected agent behavior.
Install Mechanism
No install spec is provided (instruction-only). The skill includes a shell script but does not attempt to download or install external packages or execute remote installers. This is low-risk from an install-mechanism perspective.
Credentials
No required environment variables or credentials are declared. SKILL.md advertises an optional CAPTION_DIR environment variable to change data directory, but the visible script sets DATA_DIR from HOME and does not appear to read CAPTION_DIR (so the declared configuration option may not be implemented). Requested access is otherwise minimal and limited to the user's home directory.
Persistence & Privilege
The skill does not request always:true, does not require system-wide configuration changes, and only writes files under the user's home (~/.local/share/caption). This is consistent with its stated purpose and not privileged.
What to consider before installing
This skill appears to be a local caption/copywriting tool that stores data under ~/.local/share/caption and does not make network calls in the visible code. However, there are packaging inconsistencies you should resolve before trusting it: (1) SKILL.md lists commands (caption run/list/add) that the included script does not implement — an agent invoking those commands may fail or behave unexpectedly; (2) the registry version (1.0.2) differs from the script/SKILL.md version (v2.0.0); (3) SKILL.md mentions CAPTION_DIR but the script does not appear to honor it. Recommended actions before installing or enabling autonomous use: run the script manually in a safe environment, inspect the remainder of the script (ensure there are no hidden network calls or execs in the truncated portion), test behavior on a throwaway account or VM, and confirm which command names the agent will call. If you require the CAPTION_DIR feature or specific commands, ask the publisher for a corrected package or updated documentation. Because of the mismatches, treat this package as suspicious until those inconsistencies are fixed.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.2
Download zip
latestvk97bbp980h303ws5j9mk295xms830d4a

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Caption

Caption generator — create captions for images, videos, social media posts, alt text, subtitle formatting, and batch processing.

Commands

CommandDescription
caption runExecute main function
caption listList all items
caption add <item>Add new item
caption statusShow current status
caption export <format>Export data
caption helpShow help

Usage

# Show help
caption help

# Quick start
caption run

Examples

# Run with defaults
caption run

# Check status
caption status

# Export results
caption export json

How It Works

Tips

  • Run caption help for all commands
  • Data stored in ~/.local/share/caption/

When to Use

  • to automate caption tasks in your workflow
  • for batch processing caption operations

Output

Returns results to stdout. Redirect to a file with caption run > output.txt.

Configuration

Set CAPTION_DIR environment variable to change the data directory. Default: ~/.local/share/caption/

Powered by BytesAgain | bytesagain.com Feedback & Feature Requests: https://bytesagain.com/feedback

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…