IMA AI Creative Content Generator — Image, Video, Music, Ad, Marketing, Social Media Content Creation

Security checks across malware telemetry and agentic risk

Overview

This skill largely does what it claims, but its broad auto-activation text and broader-than-described local history make it worth reviewing before use.

Review before installing if you use paid IMA credits or private media. Use a scoped/test IMA key first, avoid passing sensitive local files unless you intend to upload them to IMA/CDN storage, and periodically inspect or delete ~/.openclaw/memory/ima_prefs.json and ~/.openclaw/logs/ima_skills/ if you do not want local usage metadata retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Low
Confidence: 84%
Finding
The script stores per-user preference data in ~/.openclaw/memory/ima_prefs.json, but this persistence is outside the advertised content-generation behavior and is not clearly disclosed to users. Undisclosed local retention can expose usage history or model preferences to other local users, backup systems, or tooling that reads the agent memory directory.

Description-Behavior Mismatch

Low
Confidence: 95%
Finding
The script accepts local file paths and automatically uploads those files to an external CDN, which is a data-transfer behavior beyond simple content generation and may surprise users. If a user provides a sensitive local image by mistake, the file is transmitted off-device to a third-party service, creating confidentiality and compliance risks.

Vague Triggers

Medium
Confidence: 94%
Finding
The keyword file is extremely broad and repetitive, covering generic phrases like AI content generator, marketing content, social media content, and ad creation across many common user intents. This can cause over-triggering on ordinary creative or marketing requests, routing users into this skill without clear user intent or tight activation boundaries, which increases the chance of unintended invocation and misuse of powerful content-generation capabilities.

Natural-Language Policy Violations

Medium
Confidence: 86%
Finding
The skill hard-codes `x_app_language: en` for all API requests, which can override user locale and cause prompts, errors, or generated content handling to be processed in a language the user did not choose. This is primarily a privacy/UX and policy-consent issue rather than a direct exploit path, but it can lead to unintended data handling and misleading outputs for multilingual users.

Missing User Warnings

Medium
Confidence: 97%
Finding
At the upload point, any non-URL input is automatically treated as a local file and sent to the remote CDN without a strong warning or confirmation gate. In a skill that may be used by non-expert users, this creates a meaningful risk of unintended exfiltration of private local media.

VirusTotal

66/66 vendors flagged this skill as clean.
