BizyAir GPT_IMAGE_2 API 出图 (image generation)

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate image-generation integration, but it needs review because it prints part of the API key to console output and grants itself broad local shell/permission capabilities (`Bash(chmod +x *)`) that a thin wrapper around a third-party image API does not need.

Review this skill before installing it if you will use sensitive prompts, private image URLs, or a paid API key. It should stop printing any part of the API key, narrow its chmod/shell permissions to the specific script it runs, and explicitly ask before sending private prompts or image URLs to BizyAir.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
81% confidence
Finding
The skill directs the agent to invoke local shell scripts, but the manifest does not declare shell/code execution permissions. This capability mismatch bypasses least-privilege expectations and makes the execution harder to audit or constrain. Here the shell is used to call a remote API and to process user-controlled prompts and URLs, so undeclared execution raises both operational and security risk.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The skill explicitly allows shell execution via `Bash(chmod +x *)`, which is unrelated to its stated purpose of AI image generation. Although `chmod` is not arbitrary command execution, marking files executable with a wildcard (or recursively) changes trust boundaries and enables later execution of dropped scripts or binaries; it is an unnecessary privilege in a skill that should only call an image API. The narrowest form would mark the one script the skill actually runs, by name, with user-execute only.
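The narrowing described above, written out as an added example in POSIX sh (this is not the skill's own code; the function name and the `<skill_dir>/<script>` layout are assumptions for illustration). Instead of `chmod +x *`, it accepts exactly one plain filename, refuses globs, path components, dotfiles and symlinks, and applies user-execute only:

```sh
#!/bin/sh
# Added example, not from the scanned skill. Replaces `chmod +x *` with a
# single, auditable mode change on one named regular file.

# mark_script_executable <skill_dir> <script_name>
# Exit status: 0 on success, 2 for a rejected name, 3 if the target is not a
# regular file (symlinks are rejected so a planted link cannot redirect the
# chmod outside the skill directory).
mark_script_executable() {
  dir=$1
  name=$2
  case "$name" in
    ''|*/*|*'*'*|*'?'*|*'['*|.*)
      echo "refusing: script name must be a plain filename, got '$name'" >&2
      return 2 ;;
  esac
  target="$dir/$name"
  if [ -L "$target" ] || [ ! -f "$target" ]; then
    echo "refusing: $target is not a regular file" >&2
    return 3
  fi
  # No recursion, no wildcard, no group/other execute bit.
  chmod u+x "$target"
}

# Usage (constructed sample): mark_script_executable /path/to/skill run_bizyair.sh
```

The corresponding manifest entry would then be the single literal invocation (for example `Bash(chmod u+x run_bizyair.sh)`) rather than a wildcard pattern, so reviewers can see exactly which file gains the execute bit.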

Vague Triggers

High
Confidence
92% confidence
Finding
The trigger description is overly broad, including generic phrases such as '帮我画一张' ("draw me a picture") and '生成图片' ("generate an image"), which can cause the skill to activate in unintended contexts. Over-triggering matters here because the skill performs shell-based actions and sends user content to an external service, so an accidental invocation can mean unexpected data transmission or a paid API call.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script transmits the user prompt and reference image URLs to a third-party remote API, but it provides no user-facing notice or consent step before sending potentially sensitive content off-host. In an agent skill context users may assume local processing, so silent external transmission can expose confidential prompts, internal image links, or private resources both to the vendor and to any system that can fetch the supplied URLs.
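One way to add the missing consent step, as an added example in POSIX sh that is not part of the skill or of BizyAir's code: classify each reference URL before it leaves the host, and require an explicit opt-in before anything that points at loopback, RFC 1918 / link-local / ULA addresses, a dotless intranet hostname, or an internal-looking domain is sent. The function names and the `BIZYAIR_SEND_PRIVATE` opt-in variable are assumptions for this example; the private-host heuristics are a starting point, not a complete list.

```sh
#!/bin/sh
# Added example, not from the scanned skill. Gates off-host transmission of
# reference image URLs on an explicit user decision.

# reference_url_class <url>
# Prints "public", "private" or "unsupported". Exit status 0 only for public.
reference_url_class() {
  url=$1
  case "$url" in
    http://*|https://*) ;;
    *) echo unsupported; return 1 ;;   # file://, data:, bare paths, etc.
  esac
  hostport=${url#*://}          # drop scheme
  hostport=${hostport%%/*}      # drop path
  host=${hostport##*@}          # drop userinfo
  case "$host" in
    \[*\]*) host=${host#\[}; host=${host%%\]*} ;;   # bracketed IPv6 literal
    *)      host=${host%%:*} ;;                      # drop port
  esac
  case "$host" in
    ''|localhost|*.localhost|127.*|0.0.0.0|::1)                    echo private; return 1 ;;
    10.*|192.168.*|169.254.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) echo private; return 1 ;;
    fc??:*|fd??:*|fe80:*)                                          echo private; return 1 ;;
    *.local|*.internal|*.lan|*.corp|*.home)                        echo private; return 1 ;;
  esac
  # A hostname with neither a dot nor a colon is almost always an intranet short name.
  case "$host" in
    *.*|*:*) echo public; return 0 ;;
    *)       echo private; return 1 ;;
  esac
}

# allow_transmission <url>
# Returns 0 when the URL may be sent to BizyAir without further prompting.
# Private URLs are allowed only after the user has agreed and the agent has
# set BIZYAIR_SEND_PRIVATE=yes (assumed variable name for this example).
allow_transmission() {
  cls=$(reference_url_class "$1") || true
  case "$cls" in
    public)  return 0 ;;
    private) [ "${BIZYAIR_SEND_PRIVATE:-no}" = yes ] ;;
    *)       return 1 ;;
  esac
}

# Usage (constructed sample):
#   allow_transmission "$REF_URL" || { echo "ask the user before sending $REF_URL to BizyAir" >&2; exit 1; }
```

Note that a public URL is still disclosed to the vendor when it is sent; the gate only ensures that anything internal is never sent silently. The prompt text itself should get the same treatment (a notice that it will be transmitted) since no heuristic can tell whether a free-form prompt is confidential.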

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script prints the first 8 characters of the API key to the console, which is unnecessary exposure of credential material. Even a partial secret aids correlation and fingerprinting, leaks into logs and debugging artifacts, and persists in shared terminals, CI logs, or agent transcripts that may be stored or viewed by others.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script prints the first 8 characters of the API key to user-visible output. Even partial secret disclosure can aid credential identification, correlation across logs, or targeted guessing, and it needlessly places sensitive material in terminals, CI logs, or agent transcripts.
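The fix for both of the API-key findings above, as an added example in POSIX sh that is not the skill's own code: report only that the key is present (and how long it is), never any of its characters, and pass the script's output through a scrubber that masks the full key and every prefix of it of eight or more characters, so the `${BIZYAIR_API_KEY:0:8}`-style fragment the scanner flagged cannot survive into a transcript even if some other line still prints it. Function names and the eight-character threshold are assumptions for this example.

```sh
#!/bin/sh
# Added example, not from the scanned skill. Secret hygiene for a shell
# wrapper that calls a paid third-party API with a key from the environment.

# key_status <key>
# Prints presence and length only. Exit status 1 when the key is missing.
key_status() {
  key=$1
  if [ -z "$key" ]; then
    echo "BIZYAIR_API_KEY: missing"
    return 1
  fi
  echo "BIZYAIR_API_KEY: set (${#key} chars, value not shown)"
}

# scrub_secret <key>
# Reads stdin, writes stdout with the full key and any prefix of it that is
# at least 8 characters long replaced by [REDACTED]. Longer prefixes are
# substituted first so the full key is never left partially visible.
scrub_secret() {
  key=$1
  n=${#key}
  script=''
  while [ "$n" -ge 8 ]; do
    frag=$(printf '%s' "$key" | cut -c1-"$n")
    # Escape characters that are special in a sed BRE or in its delimiter.
    esc=$(printf '%s' "$frag" | sed 's/[][\/.*^$]/\\&/g')
    script="${script}s/${esc}/[REDACTED]/g;"
    n=$((n - 1))
  done
  sed "$script"
}

# Usage (constructed sample): run the real script under the scrubber so that
# nothing it echoes can leak the key into an agent transcript or CI log.
#   key_status "$BIZYAIR_API_KEY" >&2 || exit 1
#   ./run_bizyair.sh 2>&1 | scrub_secret "$BIZYAIR_API_KEY"
```

The scrubber is a backstop, not a substitute for removing the `echo` of the key prefix from the script; it also does nothing for keys that reach logs through other processes (for example a verbose HTTP client printing request headers), which is why the API call itself should run with verbose output disabled.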

External Transmission

Medium
Category
Data Exfiltration
Content
| Parameter | Value |
|------|-----|
| Endpoint | `https://api.bizyair.cn/w/v1/webapp/task/openapi/create` |
| web_app_id | `52416` |
| Model | BizyAir_GPT_IMAGE_2_T2I_API |
| Prompt key | `4:BizyAir_GPT_IMAGE_2_T2I_API.prompt` |
Confidence
78% confidence
Finding
https://api.bizyair.cn/

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal