Alicloud Ai Image Qwen Image

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Alibaba Cloud image-generation skill, but its helper can upload any local file path supplied as a reference image to DashScope without validation or confirmation.

Install only if you intend to use Alibaba Cloud DashScope and can control what requests the agent sends. Use a scoped API key, avoid passing local paths in reference_image unless you have inspected them, keep sensitive files outside the agent's reachable workspace, and treat generation requests as external, potentially billable uploads rather than read-only checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documents and invokes capabilities including environment-variable access, filesystem reads/writes, and outbound network calls, yet it declares no permissions boundary. That mismatch can cause downstream systems or reviewers to underestimate what the skill can do, weakening policy enforcement and increasing the chance of unauthorized data access or exfiltration.

Intent-Code Divergence

Medium
Confidence
82% confidence
Finding
The workflow advises a 'minimal read-only query' to verify connectivity, but image generation is not read-only and usually incurs cost or creates provider-side artifacts. This misleading guidance can cause operators or agents to perform unintended billable or mutating actions under the assumption they are safe health checks.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs saving prompts, image URLs, and metadata to disk without warning that prompts may contain personal, confidential, or otherwise sensitive content. Persisting this data by default increases the risk of privacy leakage, unintended retention, and disclosure through logs, shared workspaces, or backups.

Missing User Warnings

Low
Confidence
78% confidence
Finding
The credential setup instructions tell users to place API keys in environment variables or a credentials file but omit basic handling precautions. Without explicit secure-storage and least-exposure guidance, users may place keys in insecure locations, commit them accidentally, or expose them through logs and shared environments.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
If reference_image is provided, the script forwards either the remote URL or local file bytes to the external DashScope service without an explicit confirmation or disclosure at the point of use. In an agent skill context, this can unintentionally exfiltrate sensitive local images or internal URLs to a third-party API when requests are constructed from untrusted or loosely reviewed inputs.

VirusTotal

64/64 vendors flagged this skill as clean.
