Doubao Web Image

Security checks across malware telemetry and agentic risk

Overview

This skill can generate Doubao images, but it does so by automating a logged-in browser while bypassing provider controls and saving reusable session data locally.

Review before installing. Use only if you are comfortable with Doubao web automation, local storage of your logged-in session, possible platform terms issues from bypassing controls or obtaining watermark-free originals, and file writes to chosen paths. Prefer an official API or a dedicated low-risk account, and delete ~/.doubao-web-session and debug files when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Context-Inappropriate Capability

Medium, 95% confidence
The skill explicitly documents interception and parsing of SSE responses to obtain a watermark-free original image URL, which goes beyond normal browser automation for image generation. This indicates deliberate extraction of protected asset variants and can facilitate unauthorized removal of platform-imposed watermarking or access controls.

Intent-Code Divergence

High, 99% confidence
The phrase claiming to 'perfectly bypass' Doubao Web signature risk controls is a strong indicator that the skill is designed to evade platform security mechanisms rather than simply automate legitimate use. Security-control evasion materially increases abuse potential and suggests intentional circumvention of provider protections and terms.

Context-Inappropriate Capability

Medium, 95% confidence
The skill persists a Playwright persistent browser profile under the user's home directory, which stores Doubao authentication state beyond the immediate image-generation task. This increases privacy and security risk because session cookies and related browser artifacts may remain on disk indefinitely and could be reused by other local processes or users if the host is compromised.

Context-Inappropriate Capability

Medium, 91% confidence
The static downloadImage helper accepts an arbitrary URL and writes the response to an arbitrary local path, which expands the skill from Doubao image generation into a generic network-to-disk fetch primitive. In a larger agent system, this could be abused to retrieve unexpected remote content, overwrite user files at chosen paths, or facilitate data staging unrelated to the declared purpose.

Missing User Warnings

Medium, 92% confidence
The README explicitly states that an AI assistant will silently invoke the CLI in the background, which can trigger browser automation and reuse a persisted logged-in session without making those side effects explicit to the end user. In an agent-skill context, silent execution materially increases the risk of users unknowingly causing automated actions on a third-party account and exposing locally stored session state to downstream tooling or misuse.

Missing User Warnings

Medium, 88% confidence
The README notes that login state is saved under ~/.doubao-web-session, but presents this as operational detail rather than a prominent security warning about persistent credential/session material on disk. Persisted browser session data can be sensitive; if users are not clearly warned, they may not understand the account takeover or privacy implications on shared or compromised machines.

Vague Triggers

Medium, 84% confidence
The trigger condition is overly broad because it activates even when the user does not specifically request Doubao, increasing the chance of silently invoking a tool with risky behaviors such as session persistence, headless browser automation, and network interception. Over-broad invocation weakens informed user consent and can expose users to side effects they did not expect.

Missing User Warnings

Medium, 91% confidence
Persistently storing login state in ~/.doubao-web-session creates credential/session material on disk, but the skill description does not prominently warn users or obtain consent for this retention. If the host is shared or compromised, stored session artifacts could be reused to access the user's Doubao account.

Missing User Warnings

Low, 78% confidence
Running browser automation in headless silent background mode by default reduces user visibility into what actions are being performed in their browser session. While not inherently malicious, the lack of clear disclosure undermines transparency and makes risky behaviors harder for users to notice or interrupt.

Missing User Warnings

Medium, 93% confidence
The documentation omits a clear user warning that the skill intercepts network responses and extracts watermark-free original image URLs, which is a sensitive and potentially policy-violating behavior. Hidden interception increases the risk of unauthorized data access and deprives the user of informed consent about how the tool operates.

Missing User Warnings

Medium, 93% confidence
The code stores persistent browser session data in the home directory without any explicit user-facing disclosure that login state will be retained locally. This is a real privacy/security issue because users may unknowingly leave authenticated Doubao sessions and related browsing artifacts on disk after the skill finishes.

Missing User Warnings

Medium, 90% confidence
The skill writes screenshots and page HTML to local files for debugging during login and timeout/error handling, potentially capturing sensitive page contents such as account details, prompts, tokens, or other personal data. Because this happens without prior warning or sanitization, it creates unintended local data retention and possible exposure to other users or processes on the machine.

Missing User Warnings

Low, 84% confidence
The skill writes debug HTML and downloaded images to local files without clearly warning the user that it will modify the filesystem. While file output is somewhat expected for image generation, undisclosed writes still create privacy and operational risk, especially when paths are caller-controlled or artifacts persist after execution.

VirusTotal

66/66 vendors flagged this skill as clean.
