Chinese Ink Painting Generator

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: it sends an image prompt to a remote generation API, but users should treat the API token and prompt text as sensitive.

Install only if you are comfortable sending prompts, optional reference IDs, and a Neta API token to api.talesofai.com. Use a low-privilege or trial token, avoid putting valuable reusable secrets directly in shell history, and do not include private or confidential material in prompts unless you trust the provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill invokes a Node script that calls an external API using a user-supplied token, which implies network access, but the metadata declares only `tools: Bash` and no explicit network permission. This creates a transparency and policy-enforcement gap: users and hosting platforms may not realize the skill sends prompts and credentials to a third-party service, increasing the risk of unintended data exfiltration or unauthorized outbound requests.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The skill advertises use of the Neta AI API and instructs users to obtain a Neta token, but it actually sends requests and user prompts to Tales of AI endpoints. This is a security-relevant integrity issue because users may disclose credentials and content under false assumptions about the service receiving them, and the mismatched branding suggests credential misuse or deceptive data routing.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The code tells users to supply a Neta token, yet labels outbound requests with a different platform identifier and sends them to a different service. This can mislead users into handing one provider's credential to another service context, creating risk of unauthorized credential use, account abuse, and loss of trust over where data is sent.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README explicitly instructs users to pass the API token via a command-line flag every time they invoke the script. Command-line arguments are commonly exposed through shell history, process listings, logs, and telemetry, which can leak the token to other local users or monitoring systems; the added note about shell-variable expansion does not remove that risk because the expanded value still appears as an argument.

Vague Triggers

Medium
Confidence
73% confidence
Finding
The invocation guidance is overly broad: 'Use when someone asks to generate or create chinese ink painting generator images.' Broad matching can cause the agent to select this skill for loosely related image-generation requests, sending user prompts to an external service when the user did not specifically intend to use this provider. In this skill's context, the main risk is mistaken activation and unnecessary disclosure of user content to a third-party API.

VirusTotal

66/66 vendors flagged this skill as clean.
