Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Birdfolio
v1.0.0Bird identification, life list tracking, and trading card generation. Use this skill when the user: sends a bird photo to identify, says "set up my Birdfolio...
⭐ 0· 609·0 current·0 all-time
bytonbi@tonbistudio
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description align with the code and instructions: vision-based ID, local workspace files (checklist, lifeList, cards), and an API-backed persistent store. The included scripts implement identification logging, checklist sync, card generation (HTML→PNG), and optional upload. Nothing in the code appears to be unrelated to a bird-collection workflow.
Instruction Scope
Runtime instructions ask the agent to read message metadata for the Telegram sender_id and to capture a local photo path. They explicitly instruct the agent to look in OpenClaw temp/media and a Windows %APPDATA% path and, if necessary, to 'find the most recently downloaded file' — this requires reading files outside the skill workspace and gives broad filesystem access. The skill also instructs the agent to perform You.com searches and to POST user data (telegram id, sightings) to a remote API. Those behaviors are within the feature set but expand the agent's access to user metadata, local files, and a third-party endpoint and should be reviewed.
Install Mechanism
There is no install spec (instruction-only install), so nothing is pulled from arbitrary URLs. Scripts include a Node screenshot script that attempts to require playwright-core from an OpenClaw-specific node_modules path under APPDATA and prefers system Chrome binaries; this is brittle but not inherently malicious. No network downloads or remote executable installs are embedded in the skill package itself.
Credentials
The skill declares no required env vars/primary credentials, but it interacts with external services and expects credentials in local files: it contacts a hard-coded API base URL (https://api-production-d0e2.up.railway.app) and upload_card.py expects an R2 secrets JSON (workspace/secrets/r2-birdfolio.json) containing access_key_id/secret_access_key and endpoint. Those secrets are not declared in the skill manifest; providing them is optional but necessary for card uploads. The skill will transmit personal identifiers (Telegram sender_id) and sighting data to the remote API; ensure you trust that endpoint before use.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It writes only to its own workspace (birdfolio/) and to whatever secrets file the user provides for uploads. It does not modify other skills or global agent settings. The ability to be invoked autonomously is default and not unusual here.
What to consider before installing
This skill implements a plausible bird-tracking workflow, but there are privacy and trust decisions to make before installing:
- The skill will send your Telegram sender_id and every logged sighting to a remote API at https://api-production-d0e2.up.railway.app. If you don't control or trust that API, do not use the skill or review the server-side code/owner before giving it data.
- Card uploads (upload_card.py) require an R2-style secrets JSON (access key/secret) stored in your workspace; the skill will read that file and use boto3 to upload images. Treat those credentials like any secret — only provide them if you trust the destination and want images publicly hosted.
- The SKILL.md instructs the agent to inspect OpenClaw temp/media and %APPDATA% paths and to find the most-recent downloaded file if an inline path is not provided. That gives the skill the ability to read files outside birdfolio/. Run it in an isolated workspace or sandbox if you want to limit filesystem access.
- The Node screenshot script attempts to load playwright-core from an OpenClaw-specific node_modules path and prefers system Chrome. This is brittle; ensure your environment has the required dependencies or run the Python card-generation flow without the screenshot step.
If you plan to use the skill: (1) Verify the remote API owner and privacy policy; (2) avoid putting unrelated secrets in the workspace; (3) run in a dedicated environment or container to limit unintended file access; (4) consider reviewing the server-side API implementation or hosting your own API if you need stronger data control.Like a lobster shell, security has layers — review code before you run it.
latestvk971y13wp8rxxz72gpxat8fccx81fv9d
License
MIT-0
Free to use, modify, and redistribute. No attribution required.