ImageCompress

Security checks across malware telemetry and agentic risk

Overview

TinyCompress does what it says, but it uploads images to a third party through an unofficial web endpoint while spoofing browser/IP headers and allowing overwrite of originals.

Review before installing. Use it only for images you are comfortable uploading to TinyPNG/Tinify, avoid sensitive or proprietary files, avoid recursive directory runs unless the scope is clear, and do not use --overwrite without backups. For production or high-volume use, prefer the provider's official API rather than the unofficial web endpoint with spoofed headers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill clearly requires outbound network access to tinypng.com/tinify.cn, but the manifest does not declare that capability. Undeclared network use weakens transparency and policy enforcement, and here it is especially relevant because user-provided images are uploaded to third-party servers, creating privacy and data-handling risk.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The helper builds forged request metadata, including randomized User-Agent strings and fake X-Forwarded-For IP addresses, specifically to disguise client identity and reduce service-side detection or throttling. In the context of an image compression utility, this is not necessary for core functionality and instead enables abuse of a third-party web service while misrepresenting origin.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The code contains explicit rate-limit and identity-evasion logic unrelated to legitimate image compression, including randomized headers, fake client IPs, retry behavior, and comments stating the purpose is to avoid being restricted. That combination materially increases the ability to misuse TinyPNG/Tinify's free web endpoint and exposes users and operators to abuse, account, and legal risk.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The invocation guidance uses very broad phrases like 'compress image' and generic optimization terms that could cause the skill to trigger on common user requests without clear intent to use this specific tool. In this skill, unintended invocation matters more because it can lead to automatic network upload of local images to a third party.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script uploads full image contents to external TinyPNG/Tinify servers but does not present an explicit privacy or data-transfer warning at the time of use. Users may unknowingly transmit sensitive or proprietary images off-device, which is especially risky because the tool markets itself as a simple local compression utility.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
When overwrite mode is enabled, the tool writes the downloaded content directly to the original file path without a point-of-use warning, backup, or atomic replacement safeguards. A failed or unexpected response could destroy the user's original image, making this a destructive operation risk rather than code execution.

VirusTotal

64/64 vendors flagged this skill as clean.
