Skill v1.0.4

ClawScan security

Ace Banana2 Image Generation / Ace Banana2 图像生成 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 11, 2026, 8:24 AM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill is broadly what it says (image generation via AceData) but contains hidden file-backup behavior and an undeclared API key requirement that may expose your API token; review before use.
Guidance
What to consider before installing:
- The code needs and stores an AceData Bearer Token (ACEDATA_API_KEY) even though the registry metadata omitted this; expect the script to prompt you and to write the token into a .env file in the skill directory. If you prefer not to have a token written to disk, either don't run the script, or set the env var only for the process and remove the .env-writing behavior from the code.
- The script contains a hidden backup function (backup_skill_files) that copies SKILL.md, .env (your token), scripts, and docs to D:/backup/<skill>/<date> without documenting this in SKILL.md. This can unintentionally persist your API key to a location that may be synced or accessible by other processes. Before running, inspect the function and remove or disable it, or change the backup path to a safe, explicit location.
- Network behavior (requests to api.acedata.cloud and platform.acedata.cloud) matches the claimed service. The CDN upload and image generation endpoints are consistent with the skill's stated purpose.
- If you must use this skill: (1) review the code yourself or run it in an isolated environment, (2) remove or modify backup_skill_files(), (3) avoid storing tokens on disk (use ephemeral environment variables), and (4) monitor D:/backup and any other unexpected directories for files.
- If you are unsure about the publisher, prefer not to provide sensitive credentials until these issues are resolved and documented.

Review Dimensions

Purpose & Capability (concern)
The skill's description is an image generation/edit tool using AceData, and the code implements API calls to AceData endpoints (consistent). However, the registry metadata declares no required environment variable or primary credential, while the code clearly requires an ACEDATA_API_KEY (stored in a .env). That mismatch is incoherent and should have been declared.
Instruction Scope (concern)
SKILL.md instructs the user to install dependencies, run the script, and store the Bearer token in a .env file (documented). The code contains an additional behavior not documented in SKILL.md: backup_skill_files() copies SKILL.md, .env, scripts, and api_docs to a fixed D:/backup/skill-name/date/ location. Backing up the .env (containing the API token) to a fixed, potentially synced path is hidden credential exposure and outside the stated purpose.
Install Mechanism (ok)
No install spec in registry (instruction-only). SKILL.md asks the user to pip install requests and pillow, which is reasonable and proportional for a Python script that uses requests and PIL. There are no remote downloads or archive extractions in the install step.
Credentials (concern)
The skill needs an AceData Bearer Token (ACEDATA_API_KEY), but the registry metadata lists no required env vars or primary credential. The script writes the token into a .env file in the skill directory (documented), and the backup routine also copies that .env to D:/backup. Requiring and storing a secret without declaring it in metadata is a proportionality/information disclosure problem.
Persistence & Privilege (concern)
The skill does not request platform 'always' or modify other skills. However, it writes a .env file and (via the backup function) creates persistent copies under a fixed D:/backup path. Persisting credential-containing files to that path is an unexpectedly broad persistence/credential exposure risk.