Skillv1.0.0

ClawScan security

Plant Growth Stage Recognition Skill | 植物生长阶段识别技能 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewApr 18, 2026, 11:59 AM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The package claims to be a plant growth-stage CV skill but includes unrelated modules, hidden local persistence, and unstated dependency/config requirements that don't match its SKILL.md — proceed cautiously.
Guidance: This package is not a simple instruction-only plant CV helper: it bundles unrelated face-analysis code and a large shared library, reads local workspace/config files, may create a local SQLite DB and save attachments, and will call remote APIs using an 'open-id' you must supply. Before installing or running: - Ask the publisher for an authoritative source/homepage and why face_analysis and smyx_common are included. - Inspect RequestUtil (skills/smyx_common/scripts/util.py) and the API endpoint/base URLs in skills/smyx_common/scripts/config.yaml or config-dev/prod to see where your images/data would be sent. - Do not provide sensitive credentials or real user identifiers (open-id) until you confirm the remote API is trustworthy. - Run the skill in an isolated environment (container) and review what files it writes (attachments directory, data/*.db). - Verify and supply only the minimal open-id required; if you cannot confirm the remote endpoints or developer identity, avoid using the skill for sensitive images. If you can provide the contents of RequestUtil and the resolved ApiEnum.BASE_URL values (or the exact API server domains), I can reassess and raise or lower the concern level.

Review Dimensions

Purpose & Capability: concernThe skill's name/description describe plant growth-stage recognition, but the bundle includes a full 'face_analysis' skill and a large shared 'smyx_common' library. Packaging a face-analysis health module with a plant CV skill is unexpected and increases sensitive functionality in the codebase beyond the stated purpose.
Instruction Scope: concernSKILL.md explicitly forbids reading local memory and mandates fetching historical reports from a cloud API, but the codebase contains a local DAO/SQLite layer and common config readers that access local files and environment variables. The runtime instructions require running scripts that will read config files (skills/smyx_common/scripts/config.yaml) and may persist attachments to project directories, which contradicts some of the 'forbidden' rules in SKILL.md.
Install Mechanism: concernThere is no install specification despite many included Python modules and a large requirements.txt under skills/smyx_common. SKILL.md lists only 'requests>=2.28.0' but the package tree references numerous dependencies — the missing explicit install step and mismatched dependency declarations is an engineering/operational risk (unknown components may be required at runtime).
Credentials: concernRegistry metadata lists no required env vars, but code reads environment variables (OPENCLAW_WORKSPACE, OPENCLAW_SENDER_OPEN_ID, OPENCLAW_SENDER_USERNAME, FEISHU_OPEN_ID) and expects open-id from local config files. The skill will call external APIs (config contains base URLs) and upload user-supplied media — requesting/using open-id and API keys is plausible for a remote service, but these are not declared up-front and may expose identifiers or allow data transmission to remote endpoints.
Persistence & Privilege: concernThe common library includes a DAO that creates and writes an SQLite DB under a workspace data directory and scripts save attachments into the skill directory. The skill persists data locally and expects to read config files from workspace paths — this persistent local storage and configuration access is beyond a simple, instruction-only skill and conflicts with some SKILL.md prohibitions.