BigModel Image Video Generator

Security checks across malware telemetry and agentic risk

Overview

This image/video generation skill appears purpose-aligned, but its broad activation language and third-party prompt/media transmission deserve user review before installation.

Install only if you are comfortable sending generation prompts and referenced image URLs to BigModel. Use a scoped API key, avoid putting sensitive or private URLs in prompts, prefer session-only secret storage or a secrets manager, and require explicit confirmation before the skill makes external generation calls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 85%
Finding: The skill documentation instructs users to set an API key in the environment, invoke local Python scripts, and call networked third-party APIs, but the skill declares no corresponding permissions. This leaves a transparency and policy-enforcement gap: an agent or user may exercise capabilities involving secrets, outbound requests, and file/script execution without an explicit permission contract.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The README instructs users to store the API key persistently in shell startup files but does not warn about the security implications, such as accidental disclosure through dotfile backups, shared accounts, misconfigured home-directory permissions, or screen sharing. While this is a common convenience pattern, documenting it without warnings or safer alternatives (session-only export, a secrets manager) invites unnecessary credential exposure.

Vague Triggers

Severity: High
Confidence: 92%
Finding: The trigger description is overly broad, stating that the skill should be used proactively for almost any request involving creating, designing, or making visual content, even when the user does not explicitly ask for generation. This raises the chance of the skill mis-triggering in ordinary conversation, causing unintended network calls, API-key use, and external content generation beyond the user's intent.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The callable image-generation function transmits user-supplied prompts to an external third-party API, but the module exposes no disclosure, consent, or policy boundary at the function interface. In an agent-skill context, users may reasonably believe content is processed locally; silent transmission of prompts or referenced media can expose sensitive business, personal, or regulated data.

External Transmission

Severity: Medium
Category: Data Exfiltration
Confidence: 96%
Content:
        watermark_enabled: bool = True,
    ) -> dict:
        """Generate a single image."""
        resp = requests.post(
            f"{self.base_url}/paas/v4/images/generations",
            headers=self._headers,
            json={
Finding: Outbound POST of the generation request body (the user prompt) to {base_url}/paas/v4/images/generations, carrying the API-key headers in self._headers.

External Transmission

Severity: Medium
Category: Data Exfiltration
Confidence: 97%
Content:
        if image_url:
            payload["image_url"] = image_url

        resp = requests.post(
            f"{self.base_url}/paas/v4/videos/generations",
            headers=self._headers,
            json=payload,
Finding: Outbound POST of the payload, including any user-referenced image_url, to {base_url}/paas/v4/videos/generations, carrying the API-key headers in self._headers.
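The guard below is an added example, not the skill's or BigModel's own code. It shows how the mitigations in the overview and in the Missing User Warnings and External Transmission findings can be enforced in front of the two flagged requests.post calls: the API key is read from the current session's environment rather than a dotfile, URLs referenced in the prompt or passed as image_url are vetted so private hosts and pre-signed (credential-bearing) links never leave the machine, and an explicit confirmation callback must return True before anything is sent. The endpoint paths are copied from the excerpts; the base URL, the environment variable name, the "prompt" payload key, the Authorization header scheme and the credential-parameter list are assumptions.

```python
"""Guarded wrapper for an external image/video generation call.

Added example (not the skill's or BigModel's code). The endpoint paths copy the
flagged excerpts; the base URL, env variable, payload key, header scheme and the
credential-parameter heuristics are assumed for illustration.
"""
import ipaddress
import os
import re
from dataclasses import dataclass
from typing import Callable, Mapping, Optional
from urllib.parse import parse_qs, urlsplit

API_KEY_ENV = "BIGMODEL_API_KEY"            # assumed variable name
BASE_URL = "https://api.example.invalid"    # placeholder; real base URL is not on the page
# Query parameters that typically carry a signature or bearer credential (assumed list).
CREDENTIAL_PARAMS = {"token", "sig", "signature", "x-amz-signature",
                     "x-amz-credential", "x-goog-signature", "sv", "se"}
URL_RE = re.compile(r"[a-zA-Z][a-zA-Z0-9+.-]*://\S+")


class GenerationRefused(Exception):
    """Raised when a request is stopped before it reaches the network."""


def find_urls(text: str) -> list[str]:
    """Return every scheme://... token in a prompt so referenced media can be vetted."""
    return URL_RE.findall(text)


def is_sensitive_url(url: str) -> bool:
    """True when a referenced URL should not be sent to the provider.

    Heuristics, not an exhaustive policy: non-http(s) schemes (file:, data:),
    loopback/private/link-local hosts and .local/.internal names, and query
    strings carrying signing or bearer parameters (pre-signed object URLs).
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return True
    host = (parts.hostname or "").lower()
    if host == "localhost" or host.endswith((".local", ".internal")):
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        pass                                # a DNS name; no resolution attempted here
    else:
        if ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved:
            return True
    keys = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
    return bool(keys & CREDENTIAL_PARAMS)


@dataclass
class GenerationRequest:
    kind: str                               # "image" or "video"
    prompt: str
    image_url: Optional[str] = None         # reference image, as in the video excerpt

    @property
    def path(self) -> str:
        return {"image": "/paas/v4/images/generations",
                "video": "/paas/v4/videos/generations"}[self.kind]

    def payload(self) -> dict:
        body = {"prompt": self.prompt}      # "prompt" key is assumed
        if self.image_url:
            body["image_url"] = self.image_url
        return body


def load_api_key(env: Mapping[str, str]) -> str:
    """Read the key from the process environment only; nothing is written to dotfiles."""
    key = env.get(API_KEY_ENV)
    if not key:
        raise GenerationRefused(f"{API_KEY_ENV} is not set for this session")
    return key


def guarded_generate(req: GenerationRequest,
                     confirm: Callable[[GenerationRequest], bool],
                     post: Callable[[str, dict, dict], dict],
                     env: Mapping[str, str] = os.environ) -> dict:
    """Vet referenced URLs, obtain explicit consent, then (and only then) send.

    post(url, headers, json_body) is the transport: requests.post in production,
    a stub in tests, so this module never opens a socket itself.
    """
    urls = ([req.image_url] if req.image_url else []) + find_urls(req.prompt)
    blocked = [u for u in urls if is_sensitive_url(u)]
    if blocked:
        raise GenerationRefused(f"refusing to transmit private/credentialed URL(s): {blocked}")
    if not confirm(req):
        raise GenerationRefused("user declined the external generation call")
    headers = {"Authorization": f"Bearer {load_api_key(env)}"}   # header scheme assumed
    return post(f"{BASE_URL}{req.path}", headers, req.payload())


if __name__ == "__main__":
    def dry_run_post(url, headers, body):   # stand-in transport: prints instead of sending
        print("would POST", url, body)
        return {"status": "dry-run"}
    req = GenerationRequest("image", "A watercolor fox, like https://example.com/ref.png")
    print(guarded_generate(req, confirm=lambda r: input("Send to provider? [y/N] ") == "y",
                           post=dry_run_post, env={API_KEY_ENV: "dummy"}))
```

The URL check deliberately does not resolve hostnames, so a DNS name pointing at an internal address will pass it; in a hardened deployment that check belongs at the egress proxy, while this wrapper stops the obvious cases (loopback, RFC 1918 ranges, file: paths, pre-signed links) before the prompt leaves the agent.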

VirusTotal

0 of 66 VirusTotal vendors flagged this skill as malicious. A clean antivirus result speaks only to known malware signatures; it does not address the transmission, trigger, and permission findings above.