Security audit

BizyAir Image-to-Image Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it uploads a user-selected image to BizyAir to generate a new image, so users should only use it with images they are willing to share.

Install only if you are comfortable sending the chosen image, filename, prompt, and generated-task data to BizyAir/Alibaba OSS. Avoid sensitive or proprietary images, keep the BizyAir API key in an environment variable, and review any unpinned Python dependency before installing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium (82% confidence)

The trigger phrases are broad enough to match many normal image-editing requests, which increases the chance the skill activates unexpectedly. In this skill, accidental activation is more concerning because it can lead to local-image upload and external API use without the user clearly understanding they are invoking a third-party transfer workflow.

Missing User Warnings

Medium (96% confidence)

The skill explicitly uploads local user images to BizyAir servers but does not require a clear user-facing privacy notice or consent step before transfer. Because images may contain sensitive personal, corporate, or embedded metadata, silent upload to a third party creates a meaningful confidentiality and compliance risk.

Missing User Warnings

Medium (93% confidence)

The script uploads a local image to BizyAir/Alibaba OSS and submits the user's prompt to external services, but only provides operational status messages rather than explicit consent or privacy notice. This creates a real privacy and data-handling risk, especially because local images may contain sensitive content, metadata, or proprietary information and users may not realize they are leaving the local environment.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.