AIML Generate images and videos

Security checks across malware telemetry and agentic risk

Overview

This is a normal AIMLAPI media-generation skill, but one image-input option can upload any local file path it is given, not just images.

Install only if you are comfortable sending prompts and selected media to AIMLAPI. Do not pass private files, credentials, SSH keys, browser profiles, or other non-image paths to --image-url or --apikey-file; prefer AIMLAPI_API_KEY and only use image files you intentionally want to upload.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Tainted flow: 'req' from os.getenv (line 64, credential/environment) → urllib.request.urlopen (network output)

Severity: Critical
Category: Data Flow
Content:
        url_value = item.get("url")
        file_path = out_dir / f"image-{int(time.time())}-{index}.png"
        req = urllib.request.Request(url_value, headers={"User-Agent": args.user_agent})
        with urllib.request.urlopen(req) as res:
            file_path.write_bytes(res.read())
    print(f"SUCCESS: {out_dir}")
Confidence: 82%
Finding: with urllib.request.urlopen(req) as res:

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill declares access to an API key in `env` and instructs use of local scripts that perform network requests and write output files, but it does not declare corresponding permissions. This creates a trust and governance gap: a caller may believe the skill is low-privilege when it can actually read secrets, contact external services, and write data locally.

VirusTotal

64/64 vendors flagged this skill as clean.
