Media Gen

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent AIsa media-generation client that uses a declared API key, contacts the expected service, and saves generated media locally.

Install only if you trust AIsa with the prompts and media-generation requests you send. Use a scoped or limited AISA_API_KEY where possible, choose output paths carefully, and be aware that generated media may be downloaded from URLs returned by the service and saved locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Tainted flow: 'req' from os.environ.get (line 94, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
    os.makedirs(os.path.dirname(out_path) or ".", exist_ok=True)
    req = urllib.request.Request(url, headers={"User-Agent": "AIsa-Media-Gen/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout_s) as resp, open(out_path, "wb") as f:
            total = 0
            while True:
                chunk = resp.read(1024 * 1024)  # 1MB
Confidence
88% confidence
Finding
with urllib.request.urlopen(req, timeout=timeout_s) as resp, open(out_path, "wb") as f:

Tainted flow: 'out_path' from os.environ.get (line 406, credential/environment) → open (file write)

Medium
Category
Data Flow
Content
    os.makedirs(os.path.dirname(out_path) or ".", exist_ok=True)
    req = urllib.request.Request(url, headers={"User-Agent": "AIsa-Media-Gen/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout_s) as resp, open(out_path, "wb") as f:
            total = 0
            while True:
                chunk = resp.read(1024 * 1024)  # 1MB
Confidence
87% confidence
Finding
with urllib.request.urlopen(req, timeout=timeout_s) as resp, open(out_path, "wb") as f:

Tainted flow: 'out_path' from os.environ.get (line 406, credential/environment) → open (file write)

Medium
Category
Data Flow
Content
            return 1
        mime, data = images[0]
        out_path = args.out or _safe_filename(_ext_from_mime(mime))
        with open(out_path, "wb") as f:
            f.write(data)
        _print_json({"success": True, "route": route, "model": args.model, "mime_type": mime,
                     "saved_to": out_path, "images_returned": len(images)})
Confidence
90% confidence
Finding
with open(out_path, "wb") as f:

Tainted flow: 'out_path' from os.environ.get (line 406, credential/environment) → open (file write)

Medium
Category
Data Flow
Content
        kind, data, url = images[0]
        out_path = args.out or _safe_filename("png")
        if kind == "b64" and data is not None:
            with open(out_path, "wb") as f:
                f.write(data)
            _print_json({"success": True, "route": route, "model": args.model,
                         "saved_to": out_path, "images_returned": len(images),
Confidence
90% confidence
Finding
with open(out_path, "wb") as f:

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill declares required environment variables and implies external API use, but does not declare explicit permissions despite having env and network capabilities. This can weaken platform trust boundaries by causing the skill to access secrets or make outbound requests without a clear, reviewable permission model.

Vague Triggers

Medium
Confidence
74% confidence
Finding
The description uses broad activation language such as handling creative generation and media workflows, which could cause the skill to be invoked for a wide range of ordinary user requests. Over-broad routing increases the chance of unnecessary secret exposure or unintended networked execution when a simpler, local response would suffice.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The usage guidance lists generic conditions like needing image or video generation without clear exclusions, making activation ambiguous. In a skill with API-key and network access, ambiguous invocation broadens the situations where external calls may be made and user content may be sent upstream unnecessarily.

VirusTotal

65/65 vendors flagged this skill as clean.
