Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
BitSoul AI Face Beauty 人像AI美颜
v1.0.5Edit image to beautify faces or portaits in it. Use when (1) User requests to process an image, (2) User asks to beautify a photo.
⭐ 3· 1.4k·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
SKILL.md repeatedly claims "全程本地处理... 不上传到任何服务器" (fully local). However, the provided init.py contacts a remote host (http://info.aicodingyard.com) to obtain a download URL and then downloads an executable into the skill directory. The download step and requirement for BITSOUL_TOKEN are not consistent with an exclusively local-only processing claim.
Instruction Scope
Runtime instructions require running init.py which will contact a remote API, download a binary, write it to disk, and set it executable. The skill then instructs running that executable and passing BITSOUL_TOKEN and image paths as arguments — this gives the downloaded program access to images and the token and could cause network I/O or data exfiltration despite the 'local-only' claim. The init script also supports reading an env file path, which is expected but increases the surface for secret exposure.
Install Mechanism
There is no formal install spec; instead init.py downloads an executable from a remote server. The download uses HTTP (not HTTPS) to an API on info.aicodingyard.com which returns a download_url; the code streams that URL directly to disk, then marks it executable. There is no integrity or signature check and the final download URL is arbitrary, which is a high-risk install pattern.
Credentials
The only required environment variable is BITSOUL_TOKEN, which fits the download/authorization flow, but SKILL.md's local-processing promise conflicts with requiring a remote token. The token is also passed to the executable when invoked, which may be unnecessary for purely local processing and could allow the binary to authenticate to the vendor service (potentially for uploads or further downloads). Requiring a token is plausible but not justified by the 'local-only' claim.
Persistence & Privilege
The skill does not set always:true and does not attempt to modify other skills or system-wide config. It writes the downloaded executable into its own skill directory and sets execution permissions — expected for a skill that ships a native binary, though still potentially risky given the download source.
What to consider before installing
This skill makes a strong claim of doing all processing locally but its init script downloads and executes a binary from a remote server using a token. That downloaded binary could contact the network, upload images, or exfiltrate the token. Before using: (1) Do not supply sensitive or multi-purpose tokens — if you must, use a scoped token that can only fetch this binary and nothing else. (2) Prefer obtaining a binary hash/signature from the vendor and verify the downloaded file before running. (3) If you don't trust the domain, run init.py and the binary only in an isolated VM or sandbox and avoid processing sensitive photos. (4) Ask the author for source code or a reproducible build and for the download URL to use HTTPS and provide integrity checks. (5) If you need strict local-only processing, choose a skill that includes vetted local code (no network downloads) or one that builds from source you can audit.Like a lobster shell, security has layers — review code before you run it.
latestvk97ab55ejms5jde00g56t4fg3n84a4jn
License
MIT-0
Free to use, modify, and redistribute. No attribution required.