img-upload

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: uploads a chosen local image to a public image host and returns public links, but users should only use it for images meant to be public.

Install this only if you want agents to create public image URLs. Do not use it for private screenshots, confidential documents, IDs, receipts, medical images, or internal tickets unless you explicitly want them uploaded to a third-party public host. Keep the delete_url private because it controls deletion of the hosted image.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium (84% confidence)

Finding
The top-level description encourages invocation whenever there is a local image that might later be shared, pasted, or referenced, which is broader than a narrowly user-authorized upload action. In practice this can cause unintended use of the skill and unnecessary disclosure of local or sensitive images to a public third-party service.

Vague Triggers

Medium (82% confidence)

Finding
The applicable-scenario bullets are ambiguous and mostly describe common image workflows, but they do not clearly separate safe local processing from public upload. That ambiguity increases the chance the skill is triggered for ordinary image tasks where external publication was not intended, leading to privacy or data-leak risk.

Missing User Warnings

Medium (93% confidence)

Finding
The code uploads a user-specified local image to a third-party public image-hosting service and returns a public URL, but it provides no explicit warning, confirmation, or privacy notice before transmitting the file off-device. In this skill’s context, that is the core behavior, which makes the issue more significant because users may upload screenshots or generated images that contain sensitive information and may not realize the result is publicly accessible.

VirusTotal

64/64 vendors flagged this skill as clean.