Stability Ai

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Stability AI image-generation skill with expected API-key, network, and local file behavior, but users should understand prompt privacy, API_HOST, dependency, and auto-cleanup risks.

Install only if you are comfortable sending prompts to Stability AI and storing prompt metadata locally. Keep API_HOST unset or pointed only at a trusted official-compatible HTTPS endpoint, use a reviewed or pinned Python environment, and keep important images outside the auto-cleanup output directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Tainted flow: 'url' from os.getenv (line 195, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
    print(f"Style:      {style_preset}")

    try:
        response = requests.post(url, headers=headers, json=body, timeout=120)
        
        if response.status_code == 401:
            print("Error: Invalid API key. Check your STABILITY_API_KEY.")
Confidence
95% confidence
Finding
response = requests.post(url, headers=headers, json=body, timeout=120)

Tainted flow: 'url' from os.getenv (line 195, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
    print(f"Style:      {style_preset}")

    try:
        response = requests.post(url, headers=headers, files=files, data=data, timeout=120)
        
        if response.status_code == 401:
            print("Error: Invalid API key. Check your STABILITY_API_KEY.")
Confidence
95% confidence
Finding
response = requests.post(url, headers=headers, files=files, data=data, timeout=120)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill advertises and appears to use environment variables, local file reads/writes, and network access, but it does not declare any permissions. This creates a transparency and governance gap: users and the platform cannot accurately assess what the skill can access, increasing the risk of unexpected data exposure, filesystem modification, or outbound transmission of prompts and metadata.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger phrases are very broad, such as 'generate image', 'make a picture', and 'draw this', which can overlap with ordinary user requests and cause the skill to activate unexpectedly. In a skill with network and local file-writing behavior, overbroad invocation increases the chance of unintentional API calls, prompt transmission to a third party, and creation/deletion of local files without clear user intent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill documentation does not clearly warn that prompts and generated images are stored locally as files and metadata, and that older outputs are automatically deleted. This is dangerous because prompts may contain sensitive or personal information, and undisclosed retention/deletion behavior can lead to privacy issues, data loss, or forensic blind spots.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
python-dotenv
pillow
Confidence
96% confidence
Finding
requests

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
python-dotenv
pillow
Confidence
95% confidence
Finding
python-dotenv

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
python-dotenv
pillow
Confidence
98% confidence
Finding
pillow

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
90% confidence
Finding
requests

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
74% confidence
Finding
python-dotenv

Known Vulnerable Dependency: pillow — 10 advisory(ies): CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more

Critical
Category
Supply Chain
Confidence
97% confidence
Finding
pillow

VirusTotal

43/43 vendors flagged this skill as clean.
