WuyinKeji GPT-Image-2

Security checks across malware telemetry and agentic risk

Overview

This image-generation skill matches its stated purpose, but it exposes and handles API keys in risky ways and sends prompts or reference-image URLs to a third-party service without enough disclosure.

Review carefully before installing. Use only a scoped or disposable WuyinKeji API key, do not rely on or reuse the embedded key, avoid sensitive prompts or private reference images, and be aware the helper script may expose the key through command history, process listings, or URL logs. Prefer a revised version that removes the literal key and avoids query-string credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 85%
Finding:
The activation description is broad enough to trigger on generic image-generation requests, which can cause the agent to route users into this third-party integration unexpectedly. In context, that means prompts and potentially user-supplied reference image URLs may be sent to an external service even when the user did not specifically request this vendor.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The documentation explicitly sends API keys and reference image URLs to a third-party endpoint but gives no privacy, retention, or data-sharing warning. This is dangerous because users may provide sensitive prompts or personal images without understanding they are being transmitted off-platform to an external vendor.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The script sends the API key in the query string when polling task status: `...detail?id=$TASK_ID&key=$KEY`. Query parameters are commonly recorded in shell history, proxy and load balancer logs, browser history or its equivalents, and server access logs, which can expose the credential beyond the intended recipient. In this skill context, the key is a live secret for a third-party image API, so leakage could allow unauthorized API use and billing abuse.

Ssd 3

Severity: High
Confidence: 98%
Finding:
The skill metadata says to use the skill especially when the user mentions a specific API key value, which effectively bakes secret material into routing logic. This can steer the agent to recognize, rely on, or potentially surface an embedded credential, increasing the risk of secret exposure and misuse.

VirusTotal

66/66 vendors flagged this skill as clean.
