china-vision
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent image-analysis skill, but using it sends selected images and prompts to SiliconFlow with your API key and may consume paid API credits.
Before installing, make sure you are comfortable using your SiliconFlow API key and sending selected images or prompts to SiliconFlow. Avoid highly confidential images unless the provider's privacy terms are acceptable, and consider setting spending limits for API usage.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your SiliconFlow API key must be available to the skill, and image-analysis calls may consume paid credits.
The skill requires a SiliconFlow API key and discloses that the model is billed by tokens, so invoking the skill uses the user's provider account and quota.
requires": {"bins": ["python3"], "env": ["SILICONFLOW_API_KEY"]} ... ⚠️ 收费模型(按token计费)Use a dedicated or limited API key if possible, set provider spending limits, and monitor usage.
Private or sensitive details in selected images and prompts may be shared with the SiliconFlow service for analysis.
For local images, the script base64-encodes the image and sends it with the user's prompt to the external SiliconFlow API. This is expected for the skill's purpose, but it means image content leaves the local device.
SILICONFLOW_API_URL = "https://api.siliconflow.cn/v1/chat/completions" ... image_source = f"data:{mime};base64,{b64}" ... "text": promptOnly analyze images you are comfortable sending to that provider, and review SiliconFlow's privacy and retention terms for sensitive content.