Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Qwen Vision Rename

v1.0.0

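Batch-renames local image files based on their content. This is a skill, not a callable tool: first open this file with read, then run the script command; never emit a tool call named qwen-vision-rename. This skill must be used whenever the user mentions "change name", "rename", "name by image content", "tidy up image filenames" or "organize images". By default it performs the rename directly, and only when the user explicitly...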


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for huiya-code/qwen-vision-rename.

Install the skill "Qwen Vision Rename" (huiya-code/qwen-vision-rename) from ClawHub.
Skill page: https://clawhub.ai/huiya-code/qwen-vision-rename
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: DASHSCOPE_API_KEY
Required binaries: python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install qwen-vision-rename

ClawHub CLI


npx clawhub@latest install qwen-vision-rename
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The declared primary credential (DASHSCOPE_API_KEY) and python3 requirement align with a vision-API-based renaming tool. However the code also reads many other environment keys, OpenClaw skill entries, and local config files (e.g. ~/.openclaw/openclaw.json) to resolve settings — behavior not documented in SKILL.md's requires list and not strictly necessary for the core rename functionality.
! Instruction Scope
SKILL.md requires the agent to run the included script and by default execute renames (--apply) unless user explicitly requests a dry-run. The script will auto-select local image directories (~/图片, ~/Pictures or OPENCLAW_RENAME_DEFAULT_DIR), write JSON plan and rollback files, copy/prepare images into ~/.openclaw media outbound/cache, and may publish local images as public URLs if a public media base URL is configured. The code also loads .env files and reads ~/.openclaw/openclaw.json to extract env entries for other skills — this expands the skill's read scope beyond what the description declares and could surface other credentials/configs.
Install Mechanism
No remote install or arbitrary downloads; the package is instruction-only with a Python script and a small requirements.txt (requests, Pillow). This is low installation risk.
! Credentials
Only DASHSCOPE_API_KEY is declared as required, which is reasonable. But the code will also read many other env vars (DASHSCOPE_BASE_URL, OPENAI_BASE_URL, OPENCLAW_* keys, OPENCLAW_MEDIA_BASE_URL, etc.) and can pull API keys from ~/.openclaw/openclaw.json and .env files. That means the skill can access environment values and other skills' stored env entries that were not declared — disproportionate to a simple renamer and a possible vector to read other secrets.
Persistence & Privilege
always:false and no privileged install are good. However the script writes files into the user's home (~/.openclaw/media/outbound and vision-input-cache) and writes plan/rollback JSON files in the run location. It also reads ~/.openclaw/openclaw.json. The skill does not request permanent platform-wide privileges, but it does create and read files in the user's config area which the SKILL.md did not explicitly disclose.
What to consider before installing
Before installing or running:

1) Be aware the skill by default will perform renames (it defaults to --apply). If you want to inspect changes first, run a dry-run and review the generated plan and rollback file.
2) The script reads ~/.openclaw/openclaw.json and .env files and may inherit environment values from other skills — check that file for any secrets you don't want this skill to see.
3) It copies/optimizes images into ~/.openclaw media outbound/cache and can publish them as public URLs if you have OPENCLAW_MEDIA_BASE_URL / OPENCLAW_VISION_IMAGE_BASE_URL or a public_base_url file configured — verify those settings to avoid accidental exposure.
4) Only provide DASHSCOPE_API_KEY you trust and consider scoping or using a limited key if possible.
5) If unsure, inspect scripts/vision_rename.py fully, back up your image directory, and run the rename command without --apply first.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🧭 Clawdis
Bins: python3
Env: DASHSCOPE_API_KEY
Primary env: DASHSCOPE_API_KEY
latest: vk97d01rq221pzzdf8geskdcr0x838np2
181 downloads
0 stars
1 version
Updated 8h ago
v1.0.0
MIT-0

Qwen Vision Rename Skill

Use this skill for:

  • understanding image content (single image)
  • batch generating content-based filenames for local image folders
  • direct batch rename with rollback support
  • naming pattern 类型-主题 (example: 邀请函-万人大会主视觉)

Runtime behavior (strict)

  • qwen-vision-rename is a skill name, not a built-in tool name.
  • First use the read tool to open this SKILL.md, then run the Python command below.
  • Never emit a tool call named qwen-vision-rename.
  • Always execute the script. Do not fabricate recognition results.
  • For rename requests, default to direct execution: run rename-dir --apply.
  • If the user explicitly says "预览/试运行/dry-run/先看方案", run without --apply.
  • Do not call qwen-image for rename tasks.
  • Requests like "整理图片/按内容分类整理" still map to this skill. This skill renames by content first; if the user explicitly asks to move files into folders, explain that separately.
  • If the user does not provide a folder path, run rename-dir without --dir and let the script auto-select the default image directory.
  • Filename style should be 类型-主题 first, not only plain title.
  • If --apply is used, return both plan_file and rollback_file.
  • If the command fails, explain the failure in 2 short Chinese sentences and provide the next fix.

Setup

Install dependencies:

pip3 install -r {baseDir}/requirements.txt

Set API key:

export DASHSCOPE_API_KEY="your_api_key"

Optional model and endpoint:

export DASHSCOPE_BASE_URL="https://dashscope.aliyuncs.com/compatible-mode/v1"
export DASHSCOPE_VISION_MODEL="qwen-vl-max-latest"

Commands

Describe one image:

python3 {baseDir}/scripts/vision_rename.py describe \
  --image /path/to/image.jpg

Batch dry-run plan (recommended first step):

python3 {baseDir}/scripts/vision_rename.py rename-dir \
  --dir /path/to/images

Batch apply rename:

python3 {baseDir}/scripts/vision_rename.py rename-dir \
  --dir /path/to/images \
  --apply

Auto directory (no explicit --dir; the script picks the default image directory):

python3 {baseDir}/scripts/vision_rename.py rename-dir --apply

Rollback by rollback file:

python3 {baseDir}/scripts/vision_rename.py rollback \
  --rollback-file /path/to/rename-rollback-YYYYMMDD-HHMMSS.json

Notes

  • Supported image extensions: jpg, jpeg, png, webp, bmp, gif, tif, tiff, heic, heif.
  • Default naming style: 类型-主题 (for example 邀请函-活动主视觉.jpg).
  • Duplicate names auto-suffix with -02, -03 ...
  • rename-dir writes a JSON plan file every run.
  • --apply creates rollback JSON for reverse operation.
  • If --dir is omitted, the script tries OPENCLAW_RENAME_DEFAULT_DIR, then ~/图片, then ~/Pictures.
  • On API failure for a single image, the default behavior is to skip that file and continue.
