Skillv1.0.0

ClawScan security

Image Upscaler · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 27, 2026, 10:03 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's declared purpose (image upscaling) matches its runtime instructions, but it instructs uploading user images and an API key to an opaque third-party host with no source/homepage—this raises privacy and provenance concerns.
Guidance: This skill will upload images (and a user-supplied API key) to https://supabase.00123.fun:22334 — an opaque third-party server with no source repo or official homepage. Before using it: 1) Do not upload sensitive or private images. 2) Verify the WeChat mini program and the API key provider (look for an official service, reviews, or a privacy policy). 3) Inspect the TLS certificate and domain ownership (DNS/reverse lookup) if possible. 4) Test with benign images first and limit API key permissions; avoid reusing keys tied to other services. 5) Prefer well-known, audited upscaling services or local tools if you require strong privacy. If you need help validating the service's provenance, provide the mini program link or server operator info and I can help evaluate further.

Review Dimensions

Purpose & Capability: noteName, manifest, openapi, and SKILL.md consistently describe an image upscaler and all required actions map to that purpose (POST an image, poll for results). However, the skill points to a single opaque host (https://supabase.00123.fun:22334) and has no source repository or official homepage; the lack of provenance is a concern even if the capability itself is coherent.
Instruction Scope: concernThe runtime instructions explicitly direct the agent (and user) to upload arbitrary image files and a personal API key to an external endpoint. That behavior is expected for a cloud upscaling service, but SKILL.md contains no privacy, retention, or security details, nor does it constrain what images may be uploaded. Because images (possibly sensitive) will be transmitted to an unknown third party on a non-standard port, this is a meaningful risk.
Install Mechanism: okNo install spec and no code files — instruction-only — so nothing is written to disk or installed by the skill itself. This minimizes on-device risk.
Credentials: noteThe skill does not request environment variables or system credentials. It does require a user-provided API key parameter (obtained via a WeChat mini program per the instructions). Requesting an API key is proportionate for a hosted API, but the origin and trustworthiness of that key provider are unclear.
Persistence & Privilege: okalways is false and there is no install behavior that persists or modifies other skills or system configuration. The skill does not request elevated or permanent privileges.