Ai Headshot Skill

Security checks across malware telemetry and agentic risk

Overview

This is a small API-backed headshot generator that does what it describes, though it sends prompts and a user-supplied token to an external Neta/TalesOfAI service.

Install only if you trust the publisher and the Neta/TalesOfAI service. Use a scoped or trial token if possible, avoid sensitive personal details in prompts, do not reuse important credentials, and review the provider’s privacy terms before using identity-related prompts or reference images.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares only a Bash tool and does not transparently declare that it performs outbound network access, yet its behavior depends on contacting an external API. Hidden or undeclared network capability is dangerous because users and policy systems may assume the skill is local-only while prompts and API tokens are actually transmitted off-platform.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The skill claims to use the Neta API but static analysis indicates it actually contacts a different service, api.talesofai.com, and supports reference-based image inheritance not clearly disclosed in the description. This mismatch is high risk because it can mislead users into sending secrets, prompts, and image references to an unexpected third party, defeating informed consent and trust boundaries.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill metadata claims to use the Neta AI API, but the code sends authenticated requests to api.talesofai.com with a mismatched x-platform header. This discrepancy can mislead users about where their token and prompts are being sent, undermining informed consent and creating a credential exfiltration risk if the user supplies a service token expecting a different provider.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly instructs users to send prompts and optional reference-image identifiers to a third-party image generation API, but it does not disclose that user-provided content may leave the local environment and be processed by an external service. In an image/headshot skill, prompts and reference identifiers can relate to personal or biometric-style imagery, so the missing privacy/data-sharing notice increases the risk of inadvertent disclosure of sensitive personal data.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The activation guidance is broad enough that the skill could trigger on common requests to generate or create headshots without clearly surfacing that an external service will be used. Overbroad activation increases the chance of accidental invocation, causing unintended transmission of user prompts or credentials to a third-party API.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill documentation does not warn users that their text prompts and API token are sent to an external image-generation provider. Lack of disclosure is dangerous because tokens are sensitive credentials and prompts may contain private or identifying information, especially in a headshot-generation context tied to personal imagery.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill requires a user-supplied token and transmits it in the x-token header to an external third-party API, but the code provides no meaningful disclosure beyond requesting the token. In the context of a skill advertised for a different vendor, this increases the risk that users unknowingly send sensitive credentials to an unexpected service.

VirusTotal

64/64 vendors flagged this skill as clean.
