Ernie Image Radeon

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed image-generation skill that sends prompts to an external ERNIE/Radeon endpoint and saves generated images locally, with clear warnings about sensitive prompts.

Install only if you are comfortable sending image prompts and parameters to the stated external service. Avoid secrets, private personal data, and confidential business prompts, especially because the default endpoint uses HTTP. Review or specify the output directory before generation, and use only trusted HTTPS custom endpoints if you set ERNIE_BASE_URL or AI_STUDIO_API_KEY.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises and instructs use of environment variables, local file writes, and outbound network access, but does not declare permissions for those capabilities. This creates a transparency and consent problem: agents or users may invoke a skill with broader operational reach than expected, including sending prompts to a remote endpoint and writing generated files locally.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script accepts an arbitrary ERNIE_BASE_URL from the environment and then sends the user's prompt and generation parameters to that remote service without any allowlist or trust validation. In an agent/skill context, this enables silent redirection of requests to attacker-controlled infrastructure, causing prompt exfiltration, misleading outputs, and possible credential forwarding when HTTPS is used.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list includes generic phrases such as "create image," "generate image," and especially "draw," which are common in normal conversation and can cause accidental skill activation. Unintended invocation matters more here because the skill performs network requests to an HTTP endpoint and writes files locally, so a false trigger can leak prompt content or create unwanted artifacts.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The quick-trigger section instructs the agent to generate immediately on matching phrases, without confirmation, while including ambiguous triggers like "draw: xxx." In this skill's context, immediate execution is riskier because prompts are transmitted to a third-party service and the document itself acknowledges the default endpoint uses unencrypted HTTP.

VirusTotal

VirusTotal findings are pending for this skill version.
