calorie1-detective-v3

Security checks across malware telemetry and agentic risk

Overview

This is a coherent food-photo calorie calculator, but users should understand that selected images are sent to Kimi/Moonshot for recognition.

Install only if you are comfortable sending chosen food photos to Kimi/Moonshot for processing. Avoid images containing faces, documents, location clues, or private background details; keep API keys in environment variables or a private local config; and install dependencies in an isolated environment with current patched package versions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises capabilities that imply environment access, file reading, and network use, but it does not declare any permissions in the manifest. This creates a transparency and policy-enforcement gap: users and the hosting platform cannot accurately assess or constrain what the skill may access, increasing the risk of unintended data exposure or outbound requests.

Intent-Code Divergence

Low
Confidence
81% confidence
Finding
The front matter identifies the skill as v2.0.0 while the body presents it as v3.0.0 with newer functionality and release history. This inconsistency can mislead reviewers and users about the actual code and feature set being deployed, which undermines trust, complicates auditing, and can conceal unreviewed changes.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code base64-encodes the entire local image and sends it to Moonshot's external API for vision recognition, but the user-facing flow and report do not clearly warn that the photo leaves the local environment. This creates a privacy and data-handling risk because food photos may contain sensitive metadata or incidental personal content, and users may not realize they are transmitting images to a third party.

External Transmission

Medium
Category
Data Exfiltration
Content
}
        
        try:
            response = requests.post(
                "https://api.moonshot.cn/v1/chat/completions",
                headers=headers,
                json=payload,
Confidence
91% confidence
Finding
requests.post( "https://

External Transmission

Medium
Category
Data Exfiltration
Content
}
        
        try:
            response = requests.post(
                "https://api.moonshot.cn/v1/chat/completions",
                headers=headers,
                json=payload,
Confidence
91% confidence
Finding
requests.post( "https://api.moonshot.cn/v1/chat/completions", headers=headers, json=

External Transmission

Medium
Category
Data Exfiltration
Content
try:
            response = requests.post(
                "https://api.moonshot.cn/v1/chat/completions",
                headers=headers,
                json=payload,
                timeout=60
Confidence
90% confidence
Finding
https://api.moonshot.cn/

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Food Calorie Calculator Dependencies
requests>=2.28.0
pyyaml>=6.0
Pillow>=9.0.0
Confidence
92% confidence
Finding
requests>=2.28.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Food Calorie Calculator Dependencies
requests>=2.28.0
pyyaml>=6.0
Pillow>=9.0.0
Confidence
95% confidence
Finding
pyyaml>=6.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Food Calorie Calculator Dependencies
requests>=2.28.0
pyyaml>=6.0
Pillow>=9.0.0
Confidence
94% confidence
Finding
Pillow>=9.0.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
83% confidence
Finding
requests

Known Vulnerable Dependency: pyyaml — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Critical
Category
Supply Chain
Confidence
90% confidence
Finding
pyyaml

Known Vulnerable Dependency: Pillow — 10 advisory(ies): CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more

Critical
Category
Supply Chain
Confidence
94% confidence
Finding
Pillow

VirusTotal

65/65 vendors flagged this skill as clean.