Ms Qwen Vl

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: analyze user-selected images through ModelScope, with normal privacy and dependency cautions.

Install this only if you are comfortable sending the images and prompts you choose to ModelScope for processing. Keep the ModelScope API key in a protected environment variable or .env file, avoid passing secrets on the command line, and use a virtual environment with current, patched dependency versions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill declares no permissions while instructing the agent to use environment variables and invoke a Python script that processes user-supplied files, creating capabilities beyond what is transparently disclosed. This can mislead users and reviewers about access to local files and secrets, reducing informed consent and weakening guardrails around file and environment use.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly promotes sending local images and image URLs to a third-party multimodal API, but it does not warn users that image contents and embedded metadata may leave the local environment and be processed remotely. In a vision/OCR skill, users may upload screenshots, documents, IDs, or other sensitive material, so the omission can lead to unintentional disclosure of private or regulated data.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly supports local image paths and remote image URLs but does not clearly warn that the image contents will be transmitted to the external ModelScope API for processing. This creates a privacy and data-handling risk because users may provide screenshots, documents, or other sensitive images without realizing they are being sent off-device to a third party.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation shows how to encode a local image as base64 and use it with a remote ModelScope API, but it does not clearly warn that the full image contents will be transmitted to a third-party service. In a multimodal vision skill, users may reasonably pass screenshots, IDs, invoices, or other sensitive images, so the omission can lead to unintended disclosure of personal or confidential data.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script sends either a remote image URL or a locally encoded base64 image to ModelScope's external API, but the CLI does not clearly warn the user at invocation time that image contents will leave the local environment. This creates a real privacy and data-handling risk, especially for sensitive screenshots, documents, or internal images, because users may treat the tool like a local analyzer when it is actually a cloud upload client.

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Install: pip install -r requirements.txt

# OpenAI SDK (used to call the ModelScope API)
openai>=1.0.0

# Image processing library
Pillow>=9.0.0
Confidence
90% confidence
Finding
openai>=1.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai>=1.0.0

# Image processing library
Pillow>=9.0.0

# Environment variable loading
python-dotenv>=1.0.0
Confidence
96% confidence
Finding
Pillow>=9.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
Pillow>=9.0.0

# Environment variable loading
python-dotenv>=1.0.0
Confidence
84% confidence
Finding
python-dotenv>=1.0.0

Known Vulnerable Dependency: Pillow — 10 advisory(ies): CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more

Critical
Category
Supply Chain
Confidence
97% confidence
Finding
Pillow

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
75% confidence
Finding
python-dotenv

VirusTotal

52/52 vendors flagged this skill as clean.

View on VirusTotal