Security audit

Pet Renaissance Portrait Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward command-line pet portrait generator that sends user-provided prompts and a token to a disclosed external image API.

Install only if you are comfortable sending prompts, optional reference UUIDs, and your Neta/TalesOfAI token to api.talesofai.com. Avoid sensitive personal details in prompts, and prefer limited-scope or short-lived tokens because command-line tokens may be visible in shell history or local process listings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises use of an external API token and Bash/Node invocation that will perform network access, but the manifest does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: users or platforms may not realize the skill can send prompts and possibly sensitive image-related data to a third-party service.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill is advertised as a narrowly scoped pet Renaissance portrait generator, but it forwards arbitrary user-supplied free text directly to a general-purpose image generation endpoint. This creates a scope-deception issue: users may reasonably trust the tool as pet-specific while it can be used for unrelated or policy-violating content generation, increasing misuse and trust risk.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The manifest says the skill uses the Neta AI API, but the code sends data and credentials to Tales of AI endpoints instead. This is a material transparency and data-destination mismatch that can mislead users about who receives their prompts and tokens, undermining informed consent and trust.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
Accepting the API token on the command line exposes it to local process inspection, shell history, audit logs, and accidental disclosure, and the script gives no warning about this risk. Because the token is then transmitted to a remote service, compromise of the token could allow unauthorized API usage or billing abuse.

External Transmission

Medium
Category
Data Exfiltration
Content
};
  }

  const res = await fetch('https://api.talesofai.com/v3/make_image', {
    method: 'POST',
    headers: HEADERS,
    body: JSON.stringify(body),
Confidence
97% confidence
Finding
fetch('https://api.talesofai.com/v3/make_image', { method: 'POST'

External Transmission

Medium
Category
Data Exfiltration
Content
};
  }

  const res = await fetch('https://api.talesofai.com/v3/make_image', {
    method: 'POST',
    headers: HEADERS,
    body: JSON.stringify(body),
Confidence
97% confidence
Finding
https://api.talesofai.com/

VirusTotal

55/55 vendors flagged this skill as clean.
