ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bailian Studio

v0.2.0

Call Aliyun Bailian via DashScope; support OCR, TTS, text-to-image and image-to-image.

0· 238·0 current·0 all-time
by@yab
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description (Bailian Studio via DashScope for OCR/TTS/image generation) matches the contained scripts: image_generate.py, ocr_text.py, tts_speak.py and an OSS uploader. Requiring OSS credentials is coherent because local reference images are uploaded to OSS before being sent to DashScope. However the registry metadata claims "no required env vars / primary credential", which is inconsistent with the code that requires DASHSCOPE_API_KEY and OSS_* values.
Instruction Scope
SKILL.md instructs the agent to read environment variables or a secrets/bailian.env file, install listed Python deps, and run the included CLIs. The runtime instructions and code are scoped to the declared features: contacting DashScope API, uploading to configured OSS, downloading generation results, and playing/writing WAV for TTS. The scripts do not attempt to read arbitrary unrelated system files or send data to unexpected third-party endpoints beyond DashScope, OSS endpoints, and user-supplied image URLs.
Install Mechanism
There is no install spec — this is instruction + bundled code. Dependencies are standard Python packages listed in requirements.txt (dashscope, oss2, requests). No remote downloads or archive extraction are used. The skill does require an external binary (ffplay/ffmpeg) for TTS playback per README/SKILL.md; the registry metadata didn't declare binary requirements.
!
Credentials
The code requires sensitive credentials: DASHSCOPE_API_KEY (mandatory via get_dashscope_key, raises if missing) and OSS_ACCESS_KEY, OSS_SECRET_KEY, OSS_BUCKET, OSS_ENDPOINT, OSS_REGION (get_oss_config raises if any missing). Those are appropriate for the skill's functionality, but the registry metadata declares no required env vars or primary credential — a mismatch that could mislead users. Also note that giving OSS credentials allows the skill to upload local files (potentially sensitive) to the configured bucket and produce public URLs.
Persistence & Privilege
The skill does not request permanent 'always' inclusion, does not modify other skills or system-wide settings, and has no install hooks. Autonomous invocation remains possible (platform default) but there is no extra persistence or privilege escalation in the package itself.
What to consider before installing
This skill's code appears coherent with its advertised features, but there are important mismatches and privacy implications to check before installing: - Credentials: The package metadata claims no required env vars, but the code requires DASHSCOPE_API_KEY and a full OSS credential set (ACCESS_KEY, SECRET_KEY, BUCKET, ENDPOINT, REGION). These are mandatory for many flows and will raise runtime errors if missing. Confirm you are comfortable providing those secrets. - Data flow: Local reference images are uploaded to your configured OSS bucket by scripts/oss_upload.py and the code constructs public URLs. That means any local files you pass will be uploaded (and potentially publicly addressable depending on bucket ACLs). Avoid supplying private images unless you trust the bucket configuration. - Execution requirements: TTS playback uses ffplay (ffmpeg). If you don't want playback, use the --output option to save WAV instead. - Source provenance: The skill's registry metadata omitted required env vars and primary credential. That may be a packaging oversight, but it also makes it easy to miss the need for sensitive keys. Verify the author/source before adding credentials — prefer setting DASHSCOPE_API_KEY and OSS credentials via environment variables rather than leaving a secrets/bailian.env file in the repository. - Mitigations: Run the code in an isolated environment, inspect/modify scripts if you want uploads to go to a private location, and test with throwaway credentials or a test OSS bucket first. If you need the skill but don't want it to upload anything, pass only URL references to avoid local uploads.

Like a lobster shell, security has layers — review code before you run it.

latestvk971h6dy55xy335rtry3djw5x183paw7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments