Skillv1.0.0

ClawScan security

wangyi-banana2 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 14, 2026, 1:49 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and docs mostly match its stated purpose (image/video generation) but there are a few inconsistencies and user-safety signals (affiliate/back‑up hosts, encouragement to paste API keys in chat, and differing docs vs script behavior) that deserve attention before installing.
Guidance: This skill appears to do what it claims (image/video generation) and includes a runnable script, but there are a few things to consider before installing: - Do NOT paste your private API key into an untrusted chat. The docs explicitly suggest providing the API key in conversation; prefer setting the WANGYI_API_KEY environment variable or placing it in your own ~/.openclaw/openclaw.json only after you review the script. - Review scripts/wangyi-banana.py yourself (it will POST files and data to the service host). Confirm you are comfortable with the host (https://ai.t8star.cn). The install docs list backup hosts and a raw IP; the script appears to use only the main host, but those alternate addresses are present in documentation and affiliate links—treat them with caution. - If you have sensitive files, avoid passing arbitrary filesystem paths to the skill unless you understand the exact API call being made (image-to-video/image-to-image will upload the provided files to the remote API). - If you want extra safety, run the script in an isolated environment/container or inspect/modify it to restrict allowable upload paths and endpoints before use. If you want, I can: (1) summarize the script's network calls and where it uploads data, (2) search the full script for any unexpected endpoints or data exfiltration patterns, or (3) suggest a safer configuration workflow to avoid pasting secrets in chat.

Review Dimensions

Purpose & Capability: noteName/description, required binaries (python3, curl), and the included script all align with an image/video generation skill that uses a WangYi Banana API. The primary credential (WANGYI_API_KEY) is expected. Minor mismatch: install.md and several docs list multiple backup hosts (including an IP address and alternate domains), while the script explicitly forces a single DEFAULT_HOST (https://ai.t8star.cn) and includes a comment about avoiding backups.
Instruction Scope: concernSKILL.md places strong runtime constraints (always use the included script, always deliver via message tool, never print API URLs) which are coherent with a wrapper script model. However the docs explicitly encourage users to provide their API key in-chat (and show configuration file locations), which promotes sending secrets in conversation. Also install.md and other docs publish registration links and backup host URLs (including raw IP) that contradict the script's 'only use DEFAULT_HOST' comment. These are scope/safety concerns for users and the agent's behavior.
Install Mechanism: okNo remote install/download step is present (instruction-only + an included Python script). The script uses only standard tools (curl, python3) and creates temporary files for curl payloads; no archive downloads or third-party package installs were found in the provided files.
Credentials: noteThe skill requests one primary credential (WANGYI_API_KEY), which matches the described API usage. The script also reads the user's ~/.openclaw/openclaw.json to locate a stored key — this is relevant to functionality but does read a user config file. The docs encouraging users to paste API keys into chat increases the risk of accidental secret disclosure (not a capability mismatch, but a user-safety issue).
Persistence & Privilege: okThe skill does not request always:true and is user-invocable. It reads/writes only its own output directory under /tmp/openclaw/wangyi-output and reads the OpenClaw config for API key. No modifications to other skills or system-wide settings are indicated.