Media Gen

Security checks across malware telemetry and agentic risk

Overview

This is a coherent AIsa media-generation skill that sends user prompts to AIsa and saves generated media as expected.

Install only if you are comfortable sending prompts and any reference image URLs to AIsa using your AISA_API_KEY. Avoid confidential prompts, secrets, internal-only URLs, or sensitive media unless you intend to share them with that provider, and choose output paths carefully to avoid overwriting important files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Tainted flow: 'req' from os.environ.get (line 94, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
    os.makedirs(os.path.dirname(out_path) or ".", exist_ok=True)
    req = urllib.request.Request(url, headers={"User-Agent": "AIsa-Media-Gen/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout_s) as resp, open(out_path, "wb") as f:
            total = 0
            while True:
                chunk = resp.read(1024 * 1024)  # 1MB
Confidence
93% confidence
Finding
with urllib.request.urlopen(req, timeout=timeout_s) as resp, open(out_path, "wb") as f:

Tainted flow: 'out_path' from os.environ.get (line 406, credential/environment) → open (file write)

Medium
Category
Data Flow
Content
    os.makedirs(os.path.dirname(out_path) or ".", exist_ok=True)
    req = urllib.request.Request(url, headers={"User-Agent": "AIsa-Media-Gen/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout_s) as resp, open(out_path, "wb") as f:
            total = 0
            while True:
                chunk = resp.read(1024 * 1024)  # 1MB
Confidence
84% confidence
Finding
with urllib.request.urlopen(req, timeout=timeout_s) as resp, open(out_path, "wb") as f:

Tainted flow: 'out_path' from os.environ.get (line 406, credential/environment) → open (file write)

Medium
Category
Data Flow
Content
return 1
        mime, data = images[0]
        out_path = args.out or _safe_filename(_ext_from_mime(mime))
        with open(out_path, "wb") as f:
            f.write(data)
        _print_json({"success": True, "route": route, "model": args.model, "mime_type": mime,
                     "saved_to": out_path, "images_returned": len(images)})
Confidence
88% confidence
Finding
with open(out_path, "wb") as f:

Tainted flow: 'out_path' from os.environ.get (line 406, credential/environment) → open (file write)

Medium
Category
Data Flow
Content
        kind, data, url = images[0]
        out_path = args.out or _safe_filename("png")
        if kind == "b64" and data is not None:
            with open(out_path, "wb") as f:
                f.write(data)
            _print_json({"success": True, "route": route, "model": args.model,
                         "saved_to": out_path, "images_returned": len(images),
Confidence
88% confidence
Finding
with open(out_path, "wb") as f:

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill sends prompts, and for image-to-video workflows reference image URLs, to third-party AIsa APIs, but the description does not prominently warn users about this data transfer. This can lead to inadvertent disclosure of sensitive prompts, internal URLs, or proprietary media references to an external service.

VirusTotal

65/65 vendors flagged this skill as clean.
