oatda-vision-analysis Security Report — Trusted | ClawSafe

0 /100

oatda-vision-analysis

Analyze images using vision-capable AI models through OATDA's unified API

A well-documented image analysis API client that reads credentials from a declared file and calls an external vision AI API. All behavior is declared and no security concerns found.

Skill Nameoatda-vision-analysis

Duration27.8s

Enginepi

✓

Safe to install

This skill is safe to use. No action required.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`READ`	✓ Aligned	SKILL.md:24 reads ~/.oatda/credentials.json for API key
Network	`READ`	`READ`	✓ Aligned	SKILL.md:40-50 makes HTTPS POST to oatda.com
Shell	`WRITE`	`WRITE`	✓ Aligned	SKILL.md metadata declares curl and jq as required binaries
Environment	`READ`	`READ`	✓ Aligned	SKILL.md:24 reads OATDA_API_KEY environment variable

2 findings

🔗

Medium External URL 外部 URL

https://oatda.com

SKILL.md:4

🔗

Medium External URL 外部 URL

https://oatda.com/api/v1/llm/image

SKILL.md:58

File Tree

1 files · 4.6 KB · 141 lines

Markdown 1f · 141L

└─ 📝 SKILL.md Markdown 141L · 4.6 KB

Security Positives

✓ All capabilities declared in SKILL.md metadata and inline documentation

✓ URL validation explicitly rejects HTTP, local files, and internal IPs

✓ API key handling is security-conscious (only shows first 8 chars)

✓ Pure API client with no hidden functionality

✓ Well-structured error handling for HTTP status codes

✓ No base64 execution, eval(), or suspicious shell patterns

✓ No credential exfiltration or data theft patterns

✓ Required binaries (curl, jq) are declared in metadata

✓ API endpoint and body format are clearly documented

Scan Report

File Tree

Security Positives