ClawHub

Generate Perler Beads Pindou

Security checks across malware telemetry and agentic risk

Overview

The skill appears to call a remote Perler bead pattern service as advertised, but its helper scripts use a broad metadata-driven API runner with an API key and unclear endpoint containment.

Review before installing. Only use this with non-sensitive prompts and public image URLs, assume generated share/workspace links may expose the result to others with the link, and provide the DEEPNLP_ONEKEY_ROUTER_ACCESS key only if you trust the remote service and can verify the actual API metadata/endpoint used at runtime.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The script supports injecting authentication material from environment variables into arbitrary outbound API requests defined in metadata, which gives this skill a generic secret-using network capability unrelated to its stated perler-bead pattern generation purpose. In a skill context, this increases the risk of covert exfiltration or unauthorized use of platform-provided credentials if the referenced API metadata is modified or points to an attacker-controlled endpoint.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
This file is a general-purpose API executor: it loads arbitrary API definitions from metadata, accepts caller-supplied payloads, chooses HTTP method dynamically, and sends requests to configured endpoints. That capability is materially broader than the advertised pattern-generation function, making the skill behavior opaque and enabling misuse as a flexible network proxy or data exfiltration mechanism.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill documentation instructs users to provide prompts and image URLs that are then sent to remote services, but it gives no privacy notice or data-sharing warning. Users may unknowingly disclose sensitive prompts, proprietary images, or internal URLs to an external processor.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation highlights shareable session/workspace URLs without warning that anyone possessing such links may be able to access generated content. This can lead to unintended disclosure of user-submitted images, prompts, derived designs, or session artifacts.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The script transmits user-supplied payloads and potentially authentication headers to remote services without any disclosure, consent, or even logging that would make this data flow visible to a user or reviewer at runtime. In combination with the generic API-runner design, this creates a meaningful privacy and secret-handling risk, especially if prompts, image references, or tokens contain sensitive information.

VirusTotal

1/64 vendors flagged this skill as malicious, and 63/64 flagged it as clean.

View on VirusTotal