Cover Image

Security checks across malware telemetry and agentic risk

Overview

This is mostly a legitimate cover-image generator, but it has under-disclosed ways to upload local reference images and send generation metadata through extra network features.

Review before installing if you may work with private images or sensitive prompts. Use only public or intended-to-upload reference images, avoid --use-web-search and --webhook-url unless you specifically need them, and prefer providing IMAGE_GEN_API_KEY through your environment or a protected secret store rather than saving it into a project .env file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The CLI exposes a provider-side `use_web_search` feature even though the skill’s stated purpose is generating cover images. This expands the data-access surface by allowing prompts to trigger external retrieval through the provider, which can leak sensitive prompt context or fetch unreviewed remote content unrelated to image generation.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The script accepts an arbitrary `webhook_url` and forwards it to the external provider, which can cause provider-initiated callbacks to attacker-controlled endpoints. In an agent setting, this creates an unnecessary outbound communication channel that can be abused for data exfiltration, network pivoting, or bypassing normal response-handling controls.

Missing User Warnings

Medium
Confidence: 91%
Finding
When the output format matches the input extension and `--keep` is not used, the tool writes back to the original input path. In a batch-processing context, this can silently destroy source assets or propagate unintended modifications, creating integrity and availability risk for user content.

Missing User Warnings

Medium
Confidence: 89%
Finding
If the destination file already exists, the script renames it to a timestamped backup and replaces it without any explicit user acknowledgment. This can unexpectedly alter or displace existing files, especially in recursive or automated runs, and may lead to data loss, confusion, or misuse of attacker-chosen output paths.

Missing User Warnings

Medium
Confidence: 92%
Finding
The setup script can persist IMAGE_GEN_API_KEY into a project- or home-scoped .env file via --api-key or --persist-api-key without any interactive confirmation, warning at the write site, or file-permission hardening. Storing credentials on disk increases exposure to accidental commit, workspace leakage, multi-user access, or later exfiltration by other tooling, especially because this is bundled as agent skill setup automation.

Missing User Warnings

Medium
Confidence: 91%
Finding
The script launches a subprocess and forwards the entire parent environment via `...process.env`. In an agent/skill context, environment variables commonly contain secrets such as API keys, tokens, proxy credentials, or CI metadata, so any invoked tool or script gains access to more sensitive data than it needs. This is especially risky because the entry script and its downstream dependencies are executed through `npx bun`, expanding the trust boundary to additional tooling.

VirusTotal

No VirusTotal findings
