Pluginv0.0.4

ClawScan security

Frontend Vibe Suite · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 19, 2026, 9:17 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The plugin's runtime behavior (calls to DashScope using DASHSCOPE_API_KEY and subprocesses for Wan wrappers) is consistent with its stated purpose, but there are release-hygiene and metadata inconsistencies you should resolve and verify before installing.
Guidance: What to check before installing: - Registry metadata mismatch: The bundle documentation and runtime contract require DASHSCOPE_API_KEY, but the top-level registry entry claims no required env vars. Confirm the publisher updates the registry metadata to list DASHSCOPE_API_KEY. - Inspect the three scripts that talk to DashScope: scripts/video_to_ui_brief.py, scripts/generate_wan_image.py, and scripts/generate_wan_video.py. Verify which endpoints they call, whether they transmit the full video or only derived data, and that they use standard-library HTTP clients (or note if they require third-party libraries). - Do not pass private or sensitive videos as public URLs to the workflow unless you trust DashScope (Aliyun) and the API key use. Treat the DASHSCOPE_API_KEY as a secret tied to that external service and scope/rotate it appropriately. - Bundle hygiene: the repository contains __pycache__/ and .pyc files despite docs saying these should not be published. Ask the publisher to remove compiled artifacts and re-publish a clean release. - Run the scripts in an isolated environment (separate account or test project) first. If you must provide an API key, consider using a scoped or test key with minimal privileges and monitor its usage. - If you need higher assurance, request the publisher provide a minimal reproducible read-through (or link to the exact script contents) showing only standard-library usage for HTTP, and a short runtime log demonstrating what is sent to the DashScope endpoints.

Review Dimensions

Purpose & Capability: concernThe SKILL.md and runtime_contract clearly require DASHSCOPE_API_KEY for DashScope (Qwen Omni translation and Wan image/video calls) which matches the plugin's multimodal design goals. However the top-level registry metadata (Requirements) lists 'Required env vars: none' — that's an explicit mismatch between what the bundle claims and what it actually needs. Also the bundle contains precompiled Python artifacts (__pycache__ and .pyc files) despite docs saying such files should not be published; this is a hygiene/incoherence issue.
Instruction Scope: noteRuntime instructions are explicit: run included Python scripts that read style briefs, optional user-provided public media URLs, and the plugin-local .env; they send data to DashScope endpoints and to plugin-local Wan wrappers. This stays within the stated purpose, but the workflow will transmit public media URLs (and use your DASHSCOPE_API_KEY) to a third-party API — avoid passing private or sensitive video URLs unless you trust that service and key usage.
Install Mechanism: noteThere is no install spec (instruction-only), so nothing is written to disk at install time by the bundle itself. That lowers install risk. However: (a) the repo includes __pycache__/ and .pyc files (bundle hygiene issue), and (b) the package claims 'Python dependencies: standard library only' — you should manually inspect the scripts to confirm they do not import third-party libraries (e.g., requests) that would require pip installs at runtime.
Credentials: concernThe only credential required at runtime is DASHSCOPE_API_KEY (with optional DASHSCOPE_BASE_URL and QWEN_OMNI_MODEL), which is proportionate to the described behavior. The concern is the inconsistent metadata: registry summary lists no required env vars while SKILL.md and data/runtime-contract declare the required API key. Before installing, ensure the registry metadata is corrected and that you understand that the API key will be used to send media and prompts to DashScope (Aliyun) endpoints.
Persistence & Privilege: okThe skill is user-invocable, not always-enabled, and can be invoked autonomously (normal). It does not request system-wide persistence or cross-skill config writes. Note: run_visual_loop.py invokes plugin-local Wan helper scripts (documented subprocess use) — this is expected but you should run such scripts in an isolated environment if you have concerns.