Security audit

Pindou Skill

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly aligned with making bead-pattern images, but it normalizes storing API keys in source files and sends photos/prompts to a third-party image relay by default.

Review before installing. Use environment variables or a local untracked config instead of editing scripts with a real API key, prefer an endpoint you trust, and do not upload private or sensitive photos unless you accept that they may be sent to the configured image provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The README explicitly instructs users to place a real API key directly into source files and promotes use of a third-party relay endpoint for image generation. Hardcoded secrets are easily leaked via commits, screenshots, or local file sharing, and sending user prompts/images through an external relay increases confidentiality and supply-chain risk beyond what is necessary for a perler-pattern tool.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script is explicitly configured to send user-provided images and prompts to a remote OpenAI-compatible relay endpoint, which expands the skill beyond its stated perler-pattern generation purpose. In this skill context, users may reasonably expect local image processing; undisclosed third-party transmission creates a real privacy and scope-of-capability risk.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
This code provides a generic image-editing client that can transform arbitrary user images using arbitrary prompts, which is materially broader than generating printable perler-bead patterns. Such unnecessary capability increases attack surface, enables unexpected data flows, and weakens the principle of least functionality for the skill.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The script sends user prompts to a third-party endpoint (`api.bianxie.ai`) for image generation, which is an external data transmission path not obviously required by the skill’s stated purpose. In the skill context, users may expect local transformation of their photos into bead patterns, so undisclosed forwarding of user-supplied content to a remote provider creates privacy and trust risk.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The README tells users to replace `xxx` with their real API key in `scripts/edit.py` and `scripts/generate.py` without any warning about exposure. This creates a straightforward secret-handling weakness: users may commit credentials to source control or leave them embedded in distributable files, enabling account misuse and billing abuse.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script uploads the full image and prompt to a remote API without any explicit user-facing disclosure or consent step at the point of transmission. Because this skill handles user photos, the omission is significant: sensitive personal or copyrighted content may be sent off-device unexpectedly.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The code contains a hardcoded API credential and uses it to make outbound requests to a third-party service. Hardcoded secrets are easily leaked through source control, logs, packaging, or reuse across environments, enabling unauthorized use of the account and making incident response difficult.

Ssd 3

Low
Confidence
76% confidence
Finding
The skill instructs the agent to ask users for a local file path to their photo, which may reveal usernames, directory names, project names, or other sensitive filesystem details in plain text. In this context the risk is limited, but it still creates unnecessary exposure of local environment information that is not needed if safer upload/attachment mechanisms exist.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.