Senior Computer Vision

Security checks across malware telemetry and agentic risk

Overview

This computer-vision skill is mostly coherent, but its optimizer loads PyTorch model files with torch.load(), which deserializes pickle data and can execute code embedded in an untrusted .pt/.pth file during normal analysis or benchmarking.

Review the scripts before installing. Do not run scripts/inference_optimizer.py on untrusted .pt or .pth files: torch.load() deserializes them with Python's pickle module, so a crafted file can run code as soon as it is opened. Prefer trusted or exported formats such as ONNX; if PyTorch loading is unavoidable, pass weights_only=True (the default since PyTorch 2.6), which restricts the unpickler to an allowlist of tensor-related types, and run the load in an isolated environment without secrets or broad filesystem access. Treat dataset operations as write-producing workflows and run them on copies or into separate output directories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The dataset-cleaning step explicitly recommends commands that remove corrupted and duplicate images and write cleaned output, but it provides no warning that data may be deleted, excluded, or irreversibly altered if the script operates in place or is misconfigured. In a production ML workflow, accidental removal of source images can cause data loss, break reproducibility, and silently bias training datasets.
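The safe way to run the clean-up this finding describes is to never write into the source directory at all: read from the raw set, copy only the files that pass into a separate output directory, and record every exclusion in a manifest so the decision is reviewable and reversible. The script below is an added example, not the skill's own dataset-cleaning script. It uses only the standard library: "corrupt" is detected by JPEG/PNG signature only (a constructed stand-in for a real decode check), duplicates by SHA-256 of content, and the sample files in demo() are constructed in a temporary directory. The names clean_dataset, classify and demo and the manifest layout are this example's own.

```python
import hashlib
import json
import os
import shutil
import tempfile

# Signature check only; a real pipeline would also decode the image.
SIGNATURES = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n")


def classify(path: str) -> str:
    """'ok' if the file starts with a JPEG or PNG signature, else 'corrupt'."""
    with open(path, "rb") as f:
        head = f.read(8)
    return "ok" if any(head.startswith(m) for m in SIGNATURES) else "corrupt"


def clean_dataset(src: str, dst: str, dry_run: bool = False) -> dict:
    """Copy each first-seen valid image from src into dst; src is never
    modified. Returns the manifest of kept, duplicate and corrupt files, which
    is also written to dst as JSON unless dry_run is set."""
    if os.path.abspath(src) == os.path.abspath(dst):
        raise ValueError("output directory must differ from the source")
    manifest = {"kept": [], "duplicate": [], "corrupt": []}
    seen = {}  # sha256 -> first file name with that content
    for name in sorted(os.listdir(src)):
        path = os.path.join(src, name)
        if not os.path.isfile(path):
            continue
        if classify(path) == "corrupt":
            manifest["corrupt"].append(name)
            continue
        with open(path, "rb") as f:
            digest = hashlib.sha256(f.read()).hexdigest()
        if digest in seen:
            manifest["duplicate"].append({"file": name, "same_as": seen[digest]})
            continue
        seen[digest] = name
        manifest["kept"].append(name)
        if not dry_run:
            os.makedirs(dst, exist_ok=True)
            shutil.copy2(path, os.path.join(dst, name))
    if not dry_run:
        with open(os.path.join(dst, "clean_manifest.json"), "w") as f:
            json.dump(manifest, f, indent=2)
    return manifest


def demo():
    """Constructed raw set: two identical JPEGs, one PNG, one non-image."""
    root = tempfile.mkdtemp()
    src, dst = os.path.join(root, "raw"), os.path.join(root, "clean")
    os.makedirs(src)
    files = {
        "a.jpg": b"\xff\xd8\xff\xe0" + b"A" * 16,
        "b.jpg": b"\xff\xd8\xff\xe0" + b"A" * 16,   # byte-identical to a.jpg
        "c.png": b"\x89PNG\r\n\x1a\n" + b"C" * 16,
        "d.jpg": b"not an image",
    }
    for name, data in files.items():
        with open(os.path.join(src, name), "wb") as f:
            f.write(data)
    manifest = clean_dataset(src, dst)
    return manifest, sorted(os.listdir(src)), sorted(os.listdir(dst))
```

Run with dry_run=True first to review the manifest before anything is written; the source listing returned by demo() is unchanged after the clean, which is the property the finding asks the skill to guarantee.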

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The FastAPI example accepts uploaded images and processes them through a network-exposed endpoint without any privacy notice, consent guidance, retention policy, or handling restrictions. In a production vision systems guide, this omission can lead developers to deploy image-upload services that process potentially sensitive personal, biometric, or proprietary imagery without adequate disclosure or safeguards.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding
The code calls torch.load() on a user-supplied model path during analysis. torch.load() deserializes with Python's pickle module, so loading an untrusted .pt/.pth file can execute attacker-controlled code before any inspection happens, unless weights_only=True is in effect (the default from PyTorch 2.6; earlier releases default to full pickle). In this skill context, the tool is explicitly designed to inspect arbitrary vision model artifacts, which increases exposure because users are likely to run it on third-party models downloaded from external sources.

Missing User Warnings

Severity: Medium
Confidence: 99%
Finding
The benchmarking path again invokes torch.load() on a user-controlled model file, creating the same unsafe deserialization risk before any benchmarking occurs. This is especially dangerous because benchmarking is a routine workflow in a computer-vision optimization tool, so operators may casually run it against untrusted pretrained models and trigger arbitrary code execution on developer workstations or build systems.
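Both torch.load() findings, and the overview's advice to isolate PyTorch loading, come down to one mechanism: a .pt file is a zip archive whose data.pkl is a pickle, and a pickle's REDUCE opcode calls whatever global the file names. The following is an added example, not code from the skill or from PyTorch, and it needs no torch install: it builds a constructed stand-in for a .pt archive, shows that plain unpickling runs the embedded call (here os.getenv, the env-variable harvesting pattern listed above), then shows two defences: a static scan with pickletools that lists every global a pickle would import without executing it, and a restricted unpickler that does in spirit what weights_only=True does. SAFE_GLOBALS is a hypothetical, deliberately short allowlist, not PyTorch's real one, and Payload, make_model_archive, pickle_globals, scan_model_bytes, RestrictedUnpickler, unsafe_load, safe_load and demo are this example's own names.

```python
import collections
import io
import os
import pickle
import pickletools
import zipfile

# Hypothetical allowlist: the globals a plain state_dict pickle needs.
# PyTorch's real weights_only allowlist is longer; this one is illustrative.
SAFE_GLOBALS = {("collections", "OrderedDict"), ("torch", "FloatStorage"),
                ("torch._utils", "_rebuild_tensor_v2")}

# Opcodes that push a str onto the pickle VM stack (STACK_GLOBAL consumes two).
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


class Payload:
    """Pickling this emits a REDUCE of os.getenv, so unpickling it calls
    os.getenv("HOME"): env-variable harvesting with no torch import at all."""
    def __reduce__(self):
        return (os.getenv, ("HOME", ""))


def make_model_archive(obj, protocol=pickle.DEFAULT_PROTOCOL) -> bytes:
    """Constructed stand-in for a .pt file: a zip whose <name>/data.pkl holds
    the pickle, the layout torch.save() writes (tensor storages omitted)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("model/data.pkl", pickle.dumps(obj, protocol=protocol))
        zf.writestr("model/version", "3\n")
    return buf.getvalue()


def pickle_globals(data: bytes) -> set:
    """Every (module, name) the stream would import, found WITHOUT running it:
    pickletools.genops only disassembles. GLOBAL carries both names in its
    argument; STACK_GLOBAL pops them, so pushed strings and memo hits are tracked."""
    found, strings, memo, last = set(), [], {}, None
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            found.add(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":
            name, module = strings.pop(), strings.pop()
            found.add((module, name))
            last = None
        elif op.name in STRING_OPS:
            last = arg
            strings.append(arg)
        elif op.name == "MEMOIZE":
            memo[len(memo)] = last
        elif op.name in {"PUT", "BINPUT", "LONG_BINPUT"}:
            memo[arg] = last
        elif op.name in {"GET", "BINGET", "LONG_BINGET"}:
            last = memo.get(arg)
            if isinstance(last, str):
                strings.append(last)
        else:
            last = None
    return found


def scan_model_bytes(blob: bytes) -> set:
    """Pre-load check: globals in the archive's pickles that are not allowlisted.
    Non-zip input is treated as one bare pickle stream."""
    bio = io.BytesIO(blob)
    if zipfile.is_zipfile(bio):
        with zipfile.ZipFile(bio) as zf:
            pickles = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    else:
        pickles = [blob]
    return set().union(*(pickle_globals(p) for p in pickles)) - SAFE_GLOBALS


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse any global outside the allowlist, so REDUCE never gets os.getenv
    (or anything else) to call. weights_only=True works on the same principle."""
    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def unsafe_load(blob: bytes):
    """Equivalent of torch.load(path, weights_only=False): plain pickle.load."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return pickle.loads(zf.read("model/data.pkl"))


def safe_load(blob: bytes):
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return RestrictedUnpickler(io.BytesIO(zf.read("model/data.pkl"))).load()


def demo() -> dict:
    malicious = make_model_archive(Payload())
    benign = make_model_archive(
        collections.OrderedDict([("layer.weight", [0.1, 0.2])]))
    try:
        safe_load(malicious)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    return {
        "malicious_scan": scan_model_bytes(malicious),            # {("os", "getenv")}
        "benign_scan": scan_model_bytes(benign),                  # set()
        "blocked": blocked,                                       # True
        "harvested_type": type(unsafe_load(malicious)).__name__,  # "str"
        "benign_keys": list(safe_load(benign)),                   # ["layer.weight"]
    }
```

The pickletools scan is safe to run on a file you do not trust because it never executes the stream, which makes it a reasonable gate before torch.load() in a benchmarking script; the restricted unpickler is what to reach for when the file must be loaded and weights_only is not available. Neither makes a third-party model trustworthy beyond its tensors: custom module code that the model expects still has to be reviewed separately.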

VirusTotal

0/66 vendors flagged this skill; all 66 reported it clean. A clean VirusTotal result covers the skill's own files only and says nothing about the model files the optimizer will load.

View on VirusTotal