Vtuber Avatar Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a small VTuber image generator that sends user-provided prompts, optional reference IDs, and an API token to a documented image API, with no hidden local data access or persistence found.

Install only if you are comfortable sending prompts, optional reference image UUIDs, and a Neta/TalesofAI API token to api.talesofai.com. Use a token scoped to this service, avoid sensitive prompt content, and prefer safer secret handling over pasting tokens directly into command lines or shared terminals.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares only a Bash tool interface but, by its own description, requires calling an external API with a token and returning a generated image URL. If network access is not explicitly declared, users and platforms may not realize the skill can transmit prompts and secrets off-platform, creating a transparency and permission-boundary problem. In this context, the skill is specifically for remote image generation, so undisclosed network capability is materially relevant rather than incidental.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The documented behavior says the skill uses the Neta AI API, but the analysis indicates it actually talks to api.talesofai.com and supports reference-image-driven generation/editing not disclosed in the description. This mismatch is dangerous because users may provide prompts, tokens, or images under false assumptions about which third party receives their data and what operations are performed. In an image-generation skill, hidden external endpoints and undeclared image-editing/reference features increase the risk of unauthorized data sharing and deceptive credential handling.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The skill metadata/commentary says it uses Neta AI, but the implementation actually sends requests to talesofai.com. This kind of service mismatch is security-relevant because users may provide prompts and API tokens under false assumptions about which third party receives their data, undermining informed consent and trust boundaries.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The manifest advertises one API provider while the code transmits user input and authentication material to a different domain. This is a substantive trust and data-handling violation: a user may supply a token expecting it to be used with Neta AI, but it is instead sent to talesofai.com, creating risk of credential misuse, privacy exposure, and deceptive data exfiltration to an undisclosed service.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README explicitly tells users to pass an API token on the command line. Command-line arguments are commonly exposed via shell history, process listings, audit logs, CI job logs, and shared terminal recordings, which can leak credentials to other local users or operators. In this skill's context, the risk is real because the token is required for API access and the documentation normalizes an unsafe handling pattern without any warning or safer alternative.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The code sends the user's prompt and bearer-like token to a remote service without any in-code disclosure, confirmation, or warning. In a skill that asks for a token and potentially sensitive creative prompts, lack of transparent notice increases the risk of users unknowingly sharing secrets, personal data, or provider credentials with an external party.

VirusTotal

54/54 vendors flagged this skill as clean.
