ClawHub
Back to skill

Security audit

Generate images & videos with: Gemini 3 Pro Image (image) + Qwen Wan 2.6 (video) via one API key

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it uses an AIsa API key to generate images or videos and can save the results locally.

Use a dedicated or revocable AIsa API key, avoid sending sensitive private prompts or reference image URLs, and choose output paths carefully because named files can be overwritten. The automatic video download path would be safer with HTTPS host validation and a maximum file-size limit, so use --download only when you trust the provider response.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tainted flow: 'req' from os.environ.get (line 65, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
os.makedirs(os.path.dirname(out_path) or ".", exist_ok=True)
    req = urllib.request.Request(url, headers={"User-Agent": "OpenClaw-Media-Gen/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout_s) as resp, open(out_path, "wb") as f:
            total = 0
            while True:
                chunk = resp.read(1024 * 1024)  # 1MB
Confidence
88% confidence
Finding
with urllib.request.urlopen(req, timeout=timeout_s) as resp, open(out_path, "wb") as f:

Missing User Warnings

Low
Confidence
84% confidence
Finding
When used with --download, the tool writes remotely fetched content to a local file, and that remote URL originates from an API response rather than direct user control. In context, this compounds the unsafe download behavior because it can silently persist attacker-selected content locally once a task reports success.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.