ClawHub

Codex Imagen

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it uses local Codex/OpenClaw OAuth credentials to call OpenAI image generation and save the resulting images locally.

Install only if you are comfortable letting this skill use your local Codex/OpenClaw OpenAI OAuth profile for image generation. Do not attach private images, documents rendered as images, or sensitive prompts unless you intend to send them to the OpenAI/Codex backend. Keep the default OpenAI endpoints unless you fully trust a custom backend, and use explicit auth/profile options or --no-refresh when you need tighter control over which credential store is used or modified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly supports uploading local reference images and making OAuth-authenticated requests to remote services, but it does not prominently warn users that local files and prompt contents will be transmitted off-host. In an agent setting, this can cause unintentional disclosure of sensitive images, documents rendered as images, or metadata because callers may treat the helper as a local-only image tool.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation states that the CLI may automatically refresh OAuth tokens and write updated credentials back to discovered auth files, but it does not clearly warn that running the tool can modify credential stores on disk. In shared agent environments, silent credential mutation can surprise operators, interfere with other processes, or alter which identity remains authenticated, increasing the risk of credential misuse or operational confusion.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal