ClawHub

Pixel Art Processing

Security checks across malware telemetry and agentic risk

Overview

This pixel-art tool is mostly coherent, but it asks users to run backend tooling that can execute unreviewed local code and affect unrelated local services.

Review before installing. Use the local browser/Python processing paths only with files you trust, avoid running the deploy helper unless you have reviewed the external backend directory it references, do not expose the API on 0.0.0.0 without authentication and firewalling, and only remove watermarks or provenance marks when you have explicit rights to do so.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (20)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The page imports executable JavaScript from third-party CDNs at load time, giving those remote providers the ability to run arbitrary code in the user's browser whenever the tool is opened. Because this tool handles local files and generates downloadable outputs, a compromised CDN, dependency takeover, or network tampering event could exfiltrate user images or silently alter results.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The GIF creation path dynamically injects and executes an additional remote script at runtime, which expands the attack surface beyond initial page load and bypasses any expectation that the tool is fully local. An attacker controlling that CDN response could execute arbitrary code on demand when a user processes frames, including reading selected files and leaking data over the network.

Context-Inappropriate Capability

Medium
Confidence
81% confidence
Finding
The script enumerates local processes and terminates uvicorn processes, then escalates to killing any process with 'uvicorn' in its command line using SIGKILL. In a multi-project environment this can disrupt unrelated local services, causing denial of service or accidental destruction outside the skill's intended image-processing role.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger phrases are very broad and include common terms like sprite, pixelate, background removal, and image-editing phrases in multiple languages, making accidental invocation likely. In an agent setting, overbroad triggers can route unrelated user requests into a skill that may prompt local file handling, backend deployment, or other higher-risk operations than the user expected.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly advertises Gemini and Seedance watermark removal without any legal, ownership, or policy warning. That framing can facilitate misuse for copyright circumvention, provenance removal, or deceptive media manipulation, especially because the surrounding context presents it as a standard supported feature rather than a restricted or cautionary operation.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The document explicitly instructs users to remove a third-party 'Gemini' watermark as a routine processing step, without any warning about copyright, licensing, attribution, or provenance concerns. In this skill context, that guidance can facilitate misuse of protected or AI-generated assets and normalize removal of origin markers before redistribution.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The script force-kills processes with SIGKILL based on loose cmdline matching and gives no warning or confirmation before destructive action. This can terminate unrelated uvicorn services and bypass cleanup handlers, leading to service disruption, data loss, or corruption.

Ssd 4

Medium
Confidence
98% confidence
Finding
The workflow provides operational, step-by-step instructions to remove a third-party watermark before continuing image processing. Because this skill is specifically designed for asset processing and sprite workflows, the instruction is more dangerous than in an abstract discussion: it can directly enable unauthorized reuse, laundering of asset provenance, and downstream redistribution of infringing content.

Unpinned Dependencies

Low
Category
Supply Chain
Content
基于 FrameRonin: https://github.com/systemchester/FrameRonin
"""
fastapi>=0.104.0
uvicorn[standard]>=0.24.0
python-multipart>=0.0.6
pydantic>=2.5.0
Confidence
94% confidence
Finding
fastapi>=0.104.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
"""
fastapi>=0.104.0
uvicorn[standard]>=0.24.0
python-multipart>=0.0.6
pydantic>=2.5.0
redis>=5.0.0
rq>=1.15.0
Confidence
94% confidence
Finding
python-multipart>=0.0.6

Unpinned Dependencies

Low
Category
Supply Chain
Content
fastapi>=0.104.0
uvicorn[standard]>=0.24.0
python-multipart>=0.0.6
pydantic>=2.5.0
redis>=5.0.0
rq>=1.15.0
ffmpeg-python>=0.2.0
Confidence
92% confidence
Finding
pydantic>=2.5.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
uvicorn[standard]>=0.24.0
python-multipart>=0.0.6
pydantic>=2.5.0
redis>=5.0.0
rq>=1.15.0
ffmpeg-python>=0.2.0
rembg>=2.0.50
Confidence
91% confidence
Finding
redis>=5.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
python-multipart>=0.0.6
pydantic>=2.5.0
redis>=5.0.0
rq>=1.15.0
ffmpeg-python>=0.2.0
rembg>=2.0.50
pillow>=10.0.0
Confidence
90% confidence
Finding
rq>=1.15.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
pydantic>=2.5.0
redis>=5.0.0
rq>=1.15.0
ffmpeg-python>=0.2.0
rembg>=2.0.50
pillow>=10.0.0
python-magic-bin>=0.4.14;sys_platform=="win32"
Confidence
92% confidence
Finding
ffmpeg-python>=0.2.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
redis>=5.0.0
rq>=1.15.0
ffmpeg-python>=0.2.0
rembg>=2.0.50
pillow>=10.0.0
python-magic-bin>=0.4.14;sys_platform=="win32"
python-magic>=0.4.27;sys_platform!="win32"
Confidence
94% confidence
Finding
rembg>=2.0.50

Unpinned Dependencies

Low
Category
Supply Chain
Content
rq>=1.15.0
ffmpeg-python>=0.2.0
rembg>=2.0.50
pillow>=10.0.0
python-magic-bin>=0.4.14;sys_platform=="win32"
python-magic>=0.4.27;sys_platform!="win32"
aiofiles>=23.2.0
Confidence
95% confidence
Finding
pillow>=10.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
pillow>=10.0.0
python-magic-bin>=0.4.14;sys_platform=="win32"
python-magic>=0.4.27;sys_platform!="win32"
aiofiles>=23.2.0
httpx>=0.25.0
opencv-python-headless>=4.8.0
numpy>=1.24.0
Confidence
88% confidence
Finding
aiofiles>=23.2.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
python-magic-bin>=0.4.14;sys_platform=="win32"
python-magic>=0.4.27;sys_platform!="win32"
aiofiles>=23.2.0
httpx>=0.25.0
opencv-python-headless>=4.8.0
numpy>=1.24.0
Confidence
93% confidence
Finding
httpx>=0.25.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
python-magic>=0.4.27;sys_platform!="win32"
aiofiles>=23.2.0
httpx>=0.25.0
opencv-python-headless>=4.8.0
numpy>=1.24.0
Confidence
95% confidence
Finding
opencv-python-headless>=4.8.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
aiofiles>=23.2.0
httpx>=0.25.0
opencv-python-headless>=4.8.0
numpy>=1.24.0
Confidence
90% confidence
Finding
numpy>=1.24.0

VirusTotal

52/52 vendors flagged this skill as clean.

View on VirusTotal