ClawHub

Polaroid Photo Generator

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate API-backed photo generation skill, but it under-discloses external data sharing and handles the API token in a risky way.

Install only if you are comfortable sending prompts and related generation inputs to the Neta service. Prefer using a short-lived or restricted API token, avoid passing secrets directly on the command line, and do not submit confidential or regulated content unless the provider's privacy and retention terms are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill declares only Bash tooling while its documented usage clearly depends on making outbound requests to the Neta API, indicating effective network capability without corresponding permission disclosure. This creates a transparency and policy-enforcement gap: users or hosting platforms may approve the skill without realizing it sends prompts and tokens to an external service.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The README instructs users to send both their prompt content and API token to a third-party service, but it does not explicitly warn that prompts and credentials are transmitted off-host or discuss retention/privacy implications. This is a real transparency/privacy issue because users may submit sensitive prompts or misunderstand where their data is processed, though the behavior appears consistent with the skill’s stated purpose rather than overtly malicious.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script requires the API token via a --token command-line argument and then forwards it in an HTTP header. Command-line arguments are commonly exposed through shell history, process listings, CI logs, and job telemetry, so this creates a real credential exposure risk even if the outbound request itself is expected.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal