Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
imageReader
v1.0.1
Reads and analyzes images from messages across 10+ chat platforms using platform-specific APIs and unified image processing.
⭐ 1 · 51 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (high confidence)
Purpose & Capability
The skill's behavior (download images from many chat platforms) is coherent with its name and description. However, the registry-level metadata claims no required environment variables or primary credential, while SKILL.md and the included Python downloader clearly require multiple sensitive platform credentials (FEISHU, DINGTALK, WECHAT, TELEGRAM, DISCORD, WhatsApp, Slack, LINE, etc.). This inconsistency between declared registry requirements and the actual runtime needs is a red flag (could be sloppy packaging or an attempt to hide sensitive requirements).
Instruction Scope
SKILL.md and scripts limit actions to detecting platform, calling official platform APIs, saving downloaded images to a temp file, and invoking an image-analysis tool. There are no obvious instructions to read unrelated files or exfiltrate data to arbitrary endpoints. However: (1) SKILL.md asserts 'No data is sent to external servers except the official platform APIs' but the skill references optional external OCR/API keys (Baidu/Dashscope) and the downstream 'image(...)' tool — the actual destination of image analysis depends on the runtime image tool and could involve sending image data to an external model or service. (2) The skill instructs accessing inbound_meta and message contents (expected) but that grants broad read access to chat content.
Install Mechanism
This is instruction-only with a bundled Python script and no install spec that downloads arbitrary archives. No third-party install URLs, package installs, or extract-from-URL steps are present. The included script will be available on disk when the skill is installed; it uses the requests library but no additional package installation is specified in an install step.
Credentials
Functionally, the skill legitimately needs platform-specific tokens to download messages/images. But the manifest is inconsistent: top-level registry metadata lists no env vars, SKILL.md metadata lists a subset (python3 + FEISHU/DISCORD/TELEGRAM), and the Python script expects many more environment variables (WECHAT, DINGTALK, SLACK, WHATSAPP tokens, etc.) and/or tokens passed as CLI args. Asking for many platform credentials is proportionate to a multi-platform downloader only if declared transparently; the current mismatch (and the requirement for multiple powerful tokens that can read message content) increases risk if users supply full-privilege credentials.
Persistence & Privilege
The skill does not request always:true and does not claim to modify other skills or global configs. disable-model-invocation is false (normal). Note: autonomous invocation combined with broad platform credentials would enlarge the blast radius, but autonomous invocation alone is the platform default and not a standalone concern.
What to consider before installing
Don't install blindly. Key points to consider before proceeding:
- Inconsistency: The registry metadata claims no required env vars, but SKILL.md and the included Python script require many sensitive platform tokens. Ask the author to reconcile the manifest and provide a clear, minimal list of required env vars.
- Sensitive credentials: This skill needs tokens that can read chat messages; only provide tokens with the minimum scopes (read-only, narrow workspace/chat scopes) and prefer test accounts or sandbox credentials first. Rotate tokens after testing.
- Data flow: Confirm where images are sent for analysis. The SKILL.md's image(...) call may forward image data to the model provider or third-party services; demand explicit data-handling/retention details and logs of network destinations.
- Audit the code: The included download_image.py appears to only call official platform APIs and write files to temp directories, but verify there are no hidden endpoints, telemetry, or additional network calls in the full script. Run it in an isolated environment (sandbox/VM) and inspect network traffic while testing.
- Origin and maintenance: The skill owner is unknown and there's no homepage; prefer skills from known authors or ask for contact/maintainer info and a verifiable repository.
- Least privilege & testing: If you must try it, limit scope (enable only one platform at a time), use scoped/test tokens, and monitor activity. If the author can't clarify the manifest mismatches and data handling, treat this as untrusted.
