Generate Image

Security checks across malware telemetry and agentic risk

Overview

This image-generation skill is purpose-aligned, but it can send draft content and inherited local credentials to a remote image API whose endpoint can be changed by input frontmatter.

Review before installing. Use only with trusted article drafts, remove unexpected image_provider/image_api_base/image_model frontmatter, run with a limited IMAGE_API_KEY in an isolated environment, and verify the md2wechat dependency separately.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 95%
Finding: The skill documentation describes capabilities to read files, write PNG outputs, access environment-provided tokens, invoke shell commands, and call a remote network API, but it declares no permissions. That creates a real trust and review gap: operators may approve or run the skill without understanding that article content and credentials can be sent to an external service and that local files can be modified.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding: download_binary accepts arbitrary URLs and also permits local file paths or file:// URIs, then copies the referenced bytes into an output file. This creates an SSRF/local file read primitive that could be abused to fetch internal resources or exfiltrate sensitive local files under the guise of handling image assets, which is broader and riskier than the skill's stated role.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The README states that article content is sent to an external image generation provider and even injects a default third-party API base URL, but it does not clearly warn users that draft content may leave the local environment. In a content-production pipeline, drafts may contain unpublished, proprietary, or sensitive material, so silent transmission to a remote service creates a real privacy and data-handling risk.

VirusTotal

66/66 vendors flagged this skill as clean.