Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Byted Tos Image Process

v1.0.0

Provides image processing capabilities for objects in Bytedance TOS using the official SDK. Supports getting image info, format conversion, resizing, and wat...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill's name, README, SKILL.md, and scripts all describe TOS image operations and legitimately require TOS credentials plus an endpoint and region. However, the registry metadata lists no required environment variables and no primary credential; this mismatch is unexplained and inconsistent with the skill's stated purpose.
Instruction Scope
The runtime instructions and example scripts stay within the stated purpose: they initialize a TOS SDK client from environment variables, call get_object/get_object_to_file with process strings, save outputs locally or back to TOS, and perform error handling. They do read/write local files (for output) and check file sizes, which is expected for this functionality.
Install Mechanism
No install spec is provided (instruction-only at registry level), and requirements.txt only lists the Python 'tos' dependency. There are no download URLs or extracted archives in the install metadata. Having runnable scripts bundled without an install spec is not dangerous by itself but means consumers must run these Python scripts themselves (which will execute network calls via the SDK).
Credentials
The scripts and SKILL.md require TOS_ACCESS_KEY, TOS_SECRET_KEY, TOS_ENDPOINT, and TOS_REGION (and optionally TOS_SECURITY_TOKEN). Those credentials are proportionate to the skill's purpose, but the registry metadata omits them entirely and declares no primary credential; that omission is a red flag. The scripts accept either long-lived AK/SK pairs or STS tokens; short-lived, least-privilege credentials are recommended.
Persistence & Privilege
The skill does not request permanent 'always' inclusion, does not modify other skills, and does not alter global agent configuration. It requires no extra platform privileges beyond normal model invocation and user execution of included scripts.
What to consider before installing
This skill appears to implement exactly what it claims (TOS image processing), but the registry metadata omits the sensitive environment variables the scripts actually require. Before installing or running it:
- Do not supply long-lived, high-privilege credentials. Prefer short-lived STS tokens scoped to the specific buckets and keys the job needs.
- Verify and reconcile the metadata: the registry entry should declare the required environment variables (TOS_ACCESS_KEY, TOS_SECRET_KEY, TOS_ENDPOINT, TOS_REGION, and optionally TOS_SECURITY_TOKEN). Ask the publisher to correct the metadata if your automation relies on it.
- Inspect the bundled scripts yourself (they are included) and confirm that they only call the official TOS SDK. No hidden endpoints were found in the files provided for this scan.
- If you run the scripts, do so in a sandbox or isolated environment, against a dedicated test bucket with minimal permissions (read/write only where needed), and revoke the credentials afterwards.
- Review the Python dependency 'tos' from PyPI (or your package source) to confirm it is the legitimate SDK the scripts expect, and pin the version you reviewed.
- If you do not trust the publisher, do not enable autonomous invocation of this skill in agents that hold sensitive credentials.
If the publisher updates the registry metadata to list the required environment variables and the primary credential, and you follow the least-privilege guidance above, the inconsistency is resolved and the skill is more straightforward to trust.


latest: vk975jsamjvgdbeg5ejgkz9xp9d83x3h6

