Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tiexue Vision

v1.0.0

Recognizes text (Chinese/English), objects, and scenes in images from chat, documents, or local files, with optional translation and auto-saving results.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (image OCR + object/scene detection + optional translation) align with the code. However, there are mismatches: SKILL.md suggests installing a system tesseract binary and points to an OCR executable path in config.json, but the code uses tesseract.js (a JS worker). The skill claims fully local operation except for translation, yet package.json/package-lock.json include heavy ML/native dependencies (e.g., @tensorflow/tfjs-node, onnxruntime-node) that are disproportionate for the simple ONNX inference shown in index.js. A required YOLO model path (./models/yolov5s.onnx) is referenced in config.json and index.js, but no model file is included in the package manifest.
Instruction Scope
SKILL.md and index.js instructions are mostly consistent: they read images, run OCR and object detection, and write back to Feishu or create a .txt file. The code only reads the local config.json and the provided image, so there is no broad filesystem scraping. Important scope note: the code transmits recognized English text to the public Google Translate endpoint (translate.googleapis.com). This is an external network call that sends user data off-host. That is disclosed in SKILL.md ('除翻译外不依赖外部云服务', i.e. 'no reliance on external cloud services other than translation'), but users should be aware that recognized text will be sent to Google.
Install Mechanism
No explicit install spec in the registry entry, but package.json lists heavy native dependencies (onnxruntime-node, @tensorflow/tfjs-node). These packages commonly trigger native builds or prebuilt-binary downloads (node-pre-gyp). Because an install mechanism isn't specified, it's unclear how the runtime environment will install dependencies; npm install could download/compile native binaries and contact third-party package servers. The package includes a large package-lock.json which pulls many transitive packages not strictly required by the index.js logic (e.g., tfjs). This is disproportionate and increases attack surface.
Credentials
The skill declares no required environment variables or credentials. The code reads a local config.json and uses a 'feishu' client object passed in context for Feishu integration (so it relies on host-provided client rather than asking for tokens). config.json contains fields for a translation apiKey but the code uses the public Google Translate endpoint without using that key. No other unrelated credentials are requested.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent platform privileges. It does not modify other skills or system settings. It reads and writes local files only in the image's directory (writes image.txt) and updates Feishu content when invoked with Feishu context.
What to consider before installing
This skill mostly does what it says, but consider the following before installing:
- Privacy: Recognized English text is sent to translate.googleapis.com, so sensitive text will leave your machine. If you need fully local processing, disable translation or provide a local translation alternative.
- Missing model: config.json references ./models/yolov5s.onnx but no model file is included. Ask the author how the model is provided, or supply your own local model before running.
- Excessive dependencies: package.json/package-lock.json include heavy native ML packages (tfjs-node, onnxruntime-node) and node-pre-gyp, which can download prebuilt binaries or trigger native builds during npm install. Expect large downloads and potential network activity during installation; consider installing in an isolated environment (container/VM) and review package-lock.json thoroughly.
- Inconsistency: SKILL.md recommends installing system tesseract, but the code uses tesseract.js. Confirm whether a system tesseract binary is actually required in your environment.
Recommendations: review/verify the model file and package-lock.json, run installation in an isolated sandbox, or request an explicit install script and explanation from the author (why tfjs is included, where the ONNX model is hosted). If you are processing sensitive images/text, disable the public-translate call or confirm a privacy-safe translation provider.
index.js:8
File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
