calorie-detective-v1

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real food-photo calorie tool, but its API-key/provider handling is under-scoped and its photo-upload privacy disclosure is incomplete.

Review before installing. Use a dedicated low-scope API key, set only the provider key you intend to use, avoid storing keys in config files, and do not upload photos containing faces, documents, location clues, or other sensitive details. Prefer installing in a virtual environment with current patched dependency versions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Context-Inappropriate Capability
Severity: Medium
Confidence: 90%
Finding: The recognizer falls back to OPENAI_API_KEY even when the default provider is Kimi, which expands the skill's reachable external-service surface beyond the stated purpose. This is dangerous because it enables unintended use of broader credentials and can route user image data to a different third party than users expect.

Description-Behavior Mismatch
Severity: Low
Confidence: 82%
Finding: The code advertises support for OpenAI, Claude, and Qwen paths that are not reflected in the skill description. This creates a transparency and trust issue because operators may deploy the skill believing it only uses Kimi, while the code contains alternate external-provider behaviors.

Description-Behavior Mismatch
Severity: Medium
Confidence: 93%
Finding: The OpenAI recognition path sends the user-supplied food image to api.openai.com, despite the manifest only mentioning Kimi vision recognition. This is dangerous because it causes undisclosed third-party transmission of user content and may violate user expectations, privacy commitments, or platform review assumptions.

Missing User Warnings
Severity: Medium
Confidence: 95%
Finding: The skill asks users to upload food photos for AI vision analysis but does not clearly disclose that those images may be transmitted to third-party providers such as Kimi, OpenAI, or Claude. Food photos can contain sensitive incidental data such as location clues, personal surroundings, documents, or faces, so sending them off-device without clear notice undermines informed consent and privacy expectations.

Missing User Warnings
Severity: Medium
Confidence: 91%
Finding: The skill transmits image content to an external vision API without any evident user-facing privacy notice or consent flow. This is dangerous because food photos can contain sensitive contextual information, and undisclosed upload to third parties creates privacy and compliance risk.

Missing User Warnings
Severity: Medium
Confidence: 93%
Finding: The OpenAI path uploads user images to a third-party API without a clear warning in code flow or manifest description. This increases privacy risk because users may not expect their images to leave the local environment or be processed by OpenAI specifically.

Known Vulnerable Dependency: requests — 10 advisories: CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more
Severity: High
Category: Supply Chain
Confidence: 88%
Finding: requests

Known Vulnerable Dependency: pyyaml — 8 advisories: CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more
Severity: Critical
Category: Supply Chain
Confidence: 93%
Finding: pyyaml

Known Vulnerable Dependency: Pillow — 10 advisories: CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more
Severity: Critical
Category: Supply Chain
Confidence: 92%
Finding: Pillow

VirusTotal

64/64 vendors flagged this skill as clean.