TensorLab Image

Security checks across malware telemetry and agentic risk

Overview

The skill is a real TensorsLab image tool, but its built-in guidance enables watermark removal and realistic face replacement without consent or misuse guardrails.

Review carefully before installing. Use only images you have rights and consent to modify, do not use it to remove third-party watermarks or impersonate people, and avoid uploading sensitive photos or confidential prompts unless you trust TensorsLab with that data and your API key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92%
Finding
The skill clearly relies on environment variables, external network access, and shell commands, yet it does not declare those capabilities or permissions. This weakens transparency and reviewability, making it easier for a user or platform to underestimate the skill's access to secrets and its ability to send data off-host.

Missing User Warnings

Medium
Confidence
95%
Finding
The skill instructs the agent to upload local images and prompts to TensorsLab's external API but does not clearly warn users about that data transfer. This can expose sensitive local images, embedded metadata, or confidential prompt content to a third party without informed consent.

Missing User Warnings

Low
Confidence
90%
Finding
The skill automatically saves generated or edited images to local disk, but the description does not clearly warn users that files will be written locally by default. Unexpected disk writes can expose sensitive outputs to other local users, backups, sync tools, or later accidental disclosure.

Missing User Warnings

Medium
Confidence
95%
Finding
The scenario explicitly instructs users how to remove watermarks and logos from images, but provides no restrictions, ownership checks, or warning about copyright and unauthorized modification. In this skill context, watermark removal is a high-risk editing capability because it can directly facilitate infringement, provenance stripping, and deceptive redistribution of content.

Missing User Warnings

High
Confidence
98%
Finding
The face replacement workflow is designed to create a result that is 'natural and undetectable as an edit' while giving detailed instructions for swapping one person's face into another image. Without consent, anti-impersonation checks, or warnings, this materially enables deceptive identity manipulation, harassment, fraud, and non-consensual deepfake creation.

Missing User Warnings

Medium
Confidence
87%
Finding
The script sends user prompts, image URLs, and optionally local source image contents to a third-party API, but it does not present an explicit user-facing privacy warning or consent checkpoint. In an agent-skill context, users may not realize that potentially sensitive images or prompts are leaving the local environment, creating confidentiality and compliance risk.

Ssd 4

Medium
Confidence
92%
Finding
The documentation normalizes watermark removal as a routine image-editing operation with ready-to-use prompts and commands, lowering friction for misuse. Because the skill is specifically an image editing tool, this guidance increases operational ease for deceptive content laundering and unauthorized removal of attribution marks.

Ssd 4

High
Confidence
97%
Finding
The workflow presents face replacement as a standard enhancement task and provides step-by-step operational guidance for realistic, seamless identity substitution. In context, this is more dangerous than a generic editing feature because it explicitly optimizes for believable deception, making downstream impersonation and disinformation easier.

VirusTotal

66/66 vendors flagged this skill as clean.