Skillv0.1.0

ClawScan security

Huo15 Comic Character · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 24, 2026, 4:24 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill mostly does what it says (generate character images via Seedream), but its runtime requirements and data-handling behavior are not fully declared and could lead to unexpected credential use or local-file uploads.
Guidance: This skill is generally coherent with its stated purpose (generating three images per character via Seedream), but there are a few things to check before installing/using it: - Provide ARK_API_KEY: The bundled code requires an ARK_API_KEY environment variable to talk to the Seedream/Ark API, but the skill metadata/SKILL.md do not declare this. If you run it without that env var it will fail — and if you provide the key, the skill will use it to call the remote service. - Local-file uploads: ArkClient will convert file paths to data URIs (base64) and include them in requests. If your script.json or other inputs reference local images, those files will be uploaded to the remote API. Do not include sensitive local files as references. - Cost and files: The skill will persist cost tracking to project_dir/.cost.json and write generated images into the out-dir you pass. Ensure you run it in a folder you control and are aware of the cost estimate (PRICING in config.py). The SKILL.md provides a simple cost estimate but does not mention the ARK API key requirement. Recommended actions: ask the skill author to update SKILL.md to declare ARK_API_KEY and document data-upload behavior; run the skill in an isolated directory; only use non-sensitive reference images; verify the API endpoint and that you trust the remote provider before supplying credentials.

Review Dimensions

Purpose & Capability: concernThe code implements exactly the stated purpose (calls a Seedream/Ark API to generate images from a script.json and writes three images per character). However the skill metadata / SKILL.md declare no required environment variables while the bundled code (ArkClient) requires ARK_API_KEY — an inconsistency that will break runtime or cause confusion. Requiring an Ark API key is reasonable for the stated purpose, but it should be declared.
Instruction Scope: concernSKILL.md instructs the agent to run scripts/character.py with a script.json and out directory — that matches the code. But the markdown does not mention that an ARK_API_KEY environment variable is mandatory, nor does it warn that local image files (if passed as reference images elsewhere) will be base64-encoded and uploaded to the remote API. The code will read and send files via _image_to_data_uri, which could lead to inadvertent upload of local files if referenced in inputs.
Install Mechanism: okThe skill is instruction-only (no install spec). There is bundled Python code, but nothing in the package attempts to download or install external binaries. No high-risk install URLs or extract steps are present.
Credentials: concernThe only secret the code needs is ARK_API_KEY (used for the Seedream/Ark requests) which is proportionate to image-generation. However the skill metadata did not declare this required env var. Additionally, the ArkClient will accept file paths and convert them to data URIs (base64 of local files), which means local files referenced by the script could be uploaded to the remote API — this is a data-exfiltration risk if users are unaware.
Persistence & Privilege: okThe skill does not request system-wide privileges or always:true. It writes outputs to the user-specified out-dir and persists cost tracking to project_dir/.cost.json (via CostGuard). Those file writes are confined to the project/output directories and are expected for this workflow.