v0.2.0

Zyt customised person

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:26 AM.

Analysis

This Chanjing integration is mostly purpose-aligned, but it relies on account credentials and references high-impact helper scripts for upload/create/delete that are not included in the reviewed package.

Guidance: Before installing, confirm that the missing helper scripts are included from a trusted source and review them, because they would handle video uploads and account mutations. Use protected Chanjing credentials, upload only authorized source videos, and require explicit confirmation before deleting any digital human.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Medium; Confidence: High; Status: Concern
file manifest
4 file(s): SKILL.md, examples.md, reference.md, scripts/_auth.py

SKILL.md tells the agent to use helper scripts such as upload_file, create_person, poll_person, and delete_person, but the reviewed package only includes scripts/_auth.py. The code for the upload/create/delete workflow is absent from the supplied artifacts.

User impact: The agent may be directed to run missing or separately supplied code for sensitive actions such as uploading videos, creating digital humans, or deleting account assets.
Recommendation: Install only if the missing helper scripts are present from a trusted source and have been reviewed; otherwise request a complete package or use the documented API manually.

Tool Misuse and Exploitation
Severity: Low; Confidence: High; Status: Note
reference.md
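`POST /open/v1/delete_customised_person` ... When deletion succeeds, the response returns only a generic success message, so the script directly echoes the `person_id` that was passed in.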

The skill supports deleting a Chanjing custom digital human by ID. This is within the stated purpose, but it is a destructive account action.

User impact: A mistaken or unintended delete request could remove a digital human asset from the user's Chanjing account.
Recommendation: Confirm the exact person_id and user intent before running any delete operation, and avoid automated cleanup unless the user explicitly requested it.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium; Confidence: High; Status: Note
scripts/_auth.py
CONFIG_FILE = CONFIG_DIR / "credentials.json" ... data=json.dumps({"app_id": app_id, "secret_key": secret_key})

The auth helper reads local Chanjing app_id and secret_key values, sends them to the Chanjing token endpoint, and caches an access token. This is expected for the service but grants account-level API access.

User impact: Anyone with access to the credentials file or resulting token may be able to act on the user's Chanjing account through the covered APIs.
Recommendation: Use dedicated credentials where possible, keep the credentials file private, set CHANJING_CONFIG_DIR to a protected directory if needed, and revoke or rotate keys if exposed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium; Confidence: High; Status: Note
SKILL.md
Call `upload_file` to upload the local source video and obtain the `file_id` ... The API base address is fixed: `https://open-api.chanjing.cc`

The workflow sends local source videos, potentially containing a real person's face and voice, to Chanjing or its returned upload URL. This data flow is disclosed and purpose-aligned, but sensitive.

User impact: Personal or biometric video material may leave the local machine and be processed by the Chanjing service.
Recommendation: Upload only videos you are authorized to use, avoid unnecessary personal data, and review Chanjing's retention and privacy terms before using real-person footage.