ClawHub

MiniMax Vision Captcha

Security checks across malware telemetry and agentic risk

Overview

This skill openly analyzes screenshots and CAPTCHAs, but it needs review because it can help bypass verification challenges and includes an unsafe command-running helper.

Install only if you have a legitimate, authorized need to analyze your own screenshots or images. Do not use it to bypass third-party CAPTCHA or anti-bot systems, avoid sending screenshots that contain secrets or personal data, and fix the helper to use safe argument arrays before running it on untrusted input.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill description is broadly phrased around image recognition, screenshots, text extraction, and CAPTCHA analysis, which can cause the skill to activate for many generic image-analysis requests. In context, this is more concerning because the skill explicitly supports CAPTCHA and webpage screenshot workflows, increasing the chance it is invoked in sensitive browsing sessions and handles data beyond the user's intent.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs the agent to capture screenshots and send them to an external vision model, but provides no warning about privacy, consent, sensitive data exposure, retention, or third-party processing. This is dangerous because screenshots may contain credentials, personal information, tokens, or confidential page content, and the skill's CAPTCHA/webpage-analysis context makes collection of highly sensitive browser data especially likely.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger set is broad and includes generic phrases such as '图片识别', '视觉分析', and 'captcha', which can cause this skill to activate for requests far outside narrow CAPTCHA analysis. In this context, that matters more because the skill explicitly handles CAPTCHA and slider recognition, which are commonly used in anti-bot controls; unintended activation could route sensitive or policy-relevant tasks to a tool designed to bypass or weaken such protections.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The script builds a shell command with unsanitized user-controlled values from --prompt and --imagePath, then executes it with execSync. Because shell metacharacters inside those values can break out of the quoted arguments, an attacker can trigger arbitrary command execution on the host running the skill.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal