IMA AI Image Generator & Photo Generator — Poster, Thumbnail, Logo, Art, Illustration, Product & Social Media Graphic Design

Security checks across malware telemetry and agentic risk

Overview

This image generation skill uses an IMA API key and can upload local images to IMA services, but those behaviors are disclosed and fit the skill’s purpose.

Install only if you are comfortable sending prompts, generation metadata, and any local input images you provide to IMA’s remote services. Use a scoped or test IMA_API_KEY where possible, avoid pasting or echoing real keys in shared terminals or logs, and do not submit private, regulated, or confidential images unless that use is approved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 95%
Finding:
The skill declares powerful capabilities in metadata and instructions: it requires an environment secret (IMA_API_KEY), writes to local persistence paths, performs network access to third-party domains, and invokes shell/Python entrypoints. The static finding is valid because these capabilities materially expand the attack surface, yet there is no explicit permission model presented to constrain or warn about secret use, file writes, command execution, or outbound data flows; this is especially relevant because the skill also states the API key and local image uploads are sent to remote services.

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding:
The file contains a hard-coded application key (`APP_KEY = "32jdskjdk320eew"`) embedded directly in source code. Hard-coded credentials are dangerous because they can be extracted from the repository, logs, or packaged artifacts and then abused to access the upstream API, impersonate the application, or consume billable resources.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding:
The keyword block at this location is an unconstrained list of very generic image-generation terms, which can cause the skill to activate for a wide range of loosely related user requests. In an agent environment, overly broad triggers increase the chance of unintended routing, causing the system to invoke image-generation behavior when the user did not explicitly ask for it or when another safer/more appropriate skill should handle the request.

Vague Triggers

Severity: Medium
Confidence: 96%
Finding:
The Chinese-language description indicates that simply describing something in Chinese can trigger the skill, which is too ambiguous and effectively creates a catch-all activation condition. This makes accidental invocation more likely for Chinese-speaking users, increasing misrouting risk and reducing user control over whether image generation should occur.

Natural-Language Policy Violations

Severity: Medium
Confidence: 87%
Finding:
The text implies Chinese can be used directly without offering a language-choice or opt-in model, which may bias invocation behavior toward one language path without transparent user selection. While not a direct code-execution issue, it can create inconsistent UX, surprise activation, and unfair routing behavior for multilingual users.

Missing User Warnings

Severity: Low
Confidence: 93%
Finding:
The README tells users to export an API key directly into the shell environment but provides no guidance on secure handling, such as avoiding shell history leakage, limiting scope, or using a secrets manager. In a skill intended for agent/runtime use, this can normalize weak credential practices and increase the chance of accidental key exposure in logs, screenshots, shared terminals, or persisted shell profiles.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The README demonstrates image-to-image usage with local files and prompts but does not clearly disclose that those images and prompts are transmitted to a remote image-generation API. Because this skill handles potentially sensitive user-provided media, the omission can cause unintended disclosure of confidential or personal data to a third-party service.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The playbook explicitly instructs operators to run live checks with a real API key but provides no warning about protecting credentials, expected network transmission, billing impact, or safe handling of returned data and URLs. In an agent-skill repository, this is risky because users may paste keys into insecure environments or run networked commands without understanding they are contacting an external service and potentially incurring cost or exposing account activity.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The troubleshooting guidance instructs users to print the API key with `echo "$IMA_API_KEY"` and to manually re-export a literal key value, which increases the chance of credential exposure through terminal history, screen sharing, logs, or copied documentation. In a skill intended for operational runtime use, this is a real secret-handling weakness because it normalizes unsafe debugging practices around production credentials.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The function uploads raw image bytes to a caller-provided URL without validating the destination host, scheme, or expected token structure. If an attacker can influence the ful parameter, this can cause unintended exfiltration of user images or SSRF-like outbound requests to arbitrary endpoints.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
The function automatically uploads local image bytes to remote object storage after obtaining an upload token, with no confirmation, consent check, or user-visible warning at the upload step. In an image-generation skill, users may reasonably expect processing, but silent transfer of local files to external storage can expose sensitive images or metadata if the caller passes local paths unintentionally.

VirusTotal

67/67 vendors flagged this skill as clean.
