Comic

Security checks across malware telemetry and agentic risk

Overview

This comic generator mostly matches its purpose, but it needs review because it can upload local reference images to WeryAI despite conflicting top-level guidance, accepts arbitrary webhooks, and can run setup/install steps.

Install only if you are comfortable sending prompts and any reference images to WeryAI. Avoid sensitive local reference images, do not use webhook or web-search options unless you explicitly need them, and prefer environment-provided API keys over persisting secrets into project .env files. Expect first-run setup to create .image-skills config and possibly run npm install for bundled dependencies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill clearly uses sensitive capabilities—network access to an external API and environment-based secrets—but does not declare explicit permissions beyond metadata requirements. That weakens sandboxing, review, and user awareness, making it easier for a skill to access secrets or reach external services without a clear permission boundary.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The skill is described as a comic generator, but it also performs materially broader actions: contacting a third-party API, reading configuration and API keys, querying remote service metadata, invoking external compression tools, and writing packaged outputs. This mismatch can mislead users and reviewers about the real trust boundary and data flows, increasing the chance of unintended secret exposure or unsafe tool execution.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
This file is a fully functional local image-compression CLI that traverses directories, rewrites outputs, and can replace or rename user files. That capability is materially broader than the stated comic-generation purpose, increasing supply-chain and trust-boundary risk because a user or higher-level agent may invoke unexpected filesystem-modifying behavior from bundled vendor code.

Context-Inappropriate Capability

Medium
Confidence
83% confidence
Finding
The script spawns external binaries such as which, cwebp, ImageMagick, convert, and sips, expanding the skill's effective attack surface to host-installed tools and their parsing behavior. Even though command names are allowlisted and shell injection is avoided, invoking unexpected system tools from a comic skill is still dangerous because it depends on ambient host state and grants capabilities not disclosed by the manifest.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script recursively discovers package.json files and runs `npm install` in each matching directory, which executes arbitrary dependency lifecycle scripts and fetches unpinned third-party code. For a comic-generation skill, this bootstrap capability is not necessary at runtime and expands the trust boundary significantly, making supply-chain compromise or unintended code execution possible if the script is invoked on untrusted or modified content.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
The script accepts an arbitrary `--webhook-url` and forwards it to the external generation provider, causing provider-side callbacks to attacker-controlled destinations. In an agent setting, this enables unintended outbound network interaction and can leak job metadata, task identifiers, and generation results outside the expected comic-generation workflow.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The document explicitly permits local files to be encoded as `data:image/...;base64,...` and sent to a third-party API, but it does not include any warning, consent requirement, or data-handling guardrails. In a comic/image-generation skill, users may reasonably provide local reference images that contain sensitive personal, proprietary, or copyrighted content, so this guidance can lead to unintended exfiltration of local file contents to the remote WeryAI service.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script can write a supplied or environment-derived IMAGE_GEN_API_KEY into a persistent .env file without an interactive confirmation or strong warning at the write site. In agent-driven or automated contexts, this increases the risk of unintentionally storing secrets on disk in a project directory or home directory where they may later be exposed, committed, or read by other tooling.

Session Persistence

Medium
Category
Rogue Agent
Content
---
name: comic
description: Generate educational or narrative comic pages with structured art, tone, layout, and language decisions and bundled generation tooling. Use when the user asks to create a knowledge comic, tutorial comic, biography comic, educational comic, or a multi-page comic sequence.
metadata: { "pattern": ["generator", "pipeline"], "openclaw": { "emoji": "📖", "primaryEnv": "IMAGE_GEN_API_KEY", "requires": { "env": ["IMAGE_GEN_API_KEY"], "anyBins": ["bun", "npx"], "bins": ["node", "npm", "zip"] } } }
---
Confidence
84% confidence
Finding
create a knowledge comic, tutorial comic, biography comic, educational comic, or a multi-page comic sequence. metadata: { "pattern": ["generator", "pipeline"], "openclaw": { "emoji": "📖", "primaryEnv"

VirusTotal

VirusTotal findings are pending for this skill version.
