Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

image-url-qiniu

v1.0.0

Download an image from a user-supplied HTTP(S) URL and upload it to Qiniu cloud. Use when the user gives an image link and wants it stored on Qiniu (backup,...

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The code and SKILL.md clearly require QINIU_ACCESS_KEY, QINIU_SECRET_KEY, QINIU_BUCKET, and QINIU_PUBLIC_BASE_URL to function; however the registry metadata lists no required environment variables. That mismatch is incoherent: the skill cannot work without those Qiniu credentials but they are not declared in the metadata/manifest.
Instruction Scope
Runtime instructions tell the agent to fetch arbitrary user-provided http(s) URLs and run the included script. The SKILL.md says only to handle publicly accessible URLs, but the script will happily request any reachable URL — creating a server-side request forgery (SSRF) risk (internal hosts, metadata endpoints, etc.). The instructions also allow disabling SSL verification (a risky option). The agent is told to read environment variables for credentials (which is expected) but those env vars are not declared in the manifest.
Install Mechanism
This is instruction-only with an included Python script; no install spec is provided. The skill requires the 'uv' binary (declared) and the script lists Python packages (requests, qiniu) in comments but does not include an installer. It appears to rely on the runtime environment/'uv' to provide dependencies — verify that 'uv' and the Python dependencies are available. No external download URLs are used.
Credentials
The environment variables the script requires (full Qiniu access key and secret, bucket name, public base URL) are appropriate for uploading to Qiniu, but they are sensitive and should be declared in the skill metadata (they are not). The skill does not request unrelated credentials, but the manifest omission is an important discrepancy.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system modifications or access to other skills' configs. It runs on invocation and does not attempt to persist or escalate privileges.
What to consider before installing
This skill does what it says (downloads a URL and uploads to Qiniu), but check two things before installing:

(1) Metadata mismatch: the skill requires QINIU_ACCESS_KEY, QINIU_SECRET_KEY, QINIU_BUCKET, and QINIU_PUBLIC_BASE_URL at runtime, but the registry metadata does not advertise these. Do not put those secrets into chat; they must be set in the process environment.

(2) SSRF and network risk: the script will fetch any provided URL, so avoid passing internal or sensitive endpoints and consider network egress controls or allowlist/denylist checks.

Also ensure the 'uv' binary and the script's Python dependencies (requests, qiniu) are available in your environment. Prefer a dedicated Qiniu account/bucket with limited permissions, consider signed/private buckets if you need tighter control, and test in an isolated environment first.




Runtime requirements

Clawdis
Bins: uv
