cosmetic-detect

Security checks across malware telemetry and agentic risk

Overview

This skill does not run code, but it is designed to make sensitive and potentially stigmatizing judgments about people from photos.

Review carefully before installing. The main risk is not malware or account access; it is that the skill encourages agents to infer ethnicity, age, cosmetic history, and naturalness from photos. Use only with clear consent, avoid third-party or private-person analysis, and do not use outputs for harassment, reputation judgments, medical conclusions, employment, or other consequential decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The skill explicitly instructs the model to infer apparent ethnicity/ancestry from an image and use that inference as an analysis baseline. Inferring sensitive demographic attributes from photos is beyond what is necessary to assess visible signs of cosmetic procedures and creates a direct pathway for sensitive-trait classification and profiling.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The cross-region coherence step asks the model to judge whether features align with a 'consistent genetic background,' which operationalizes racial/ethnic classification as part of the task. This expands the skill from cosmetic-procedure analysis into sensitive demographic inference and could produce harmful or discriminatory outputs under the guise of technical assessment.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
The required output includes an 'ethnic baseline reference,' ensuring that sensitive-attribute assessment is surfaced to the user as part of the result. Making this a mandatory output materially increases harm because it standardizes and repeatedly exposes protected-attribute inference in normal operation.

Vague Triggers

Medium
Confidence: 86%
Finding
The trigger phrases are broad and colloquial, making accidental activation more likely in ordinary conversations or ambiguous photo-analysis requests. In this skill's context, over-triggering is risky because the skill performs highly sensitive appearance judgments and could initiate invasive analysis without sufficiently clear user intent.

Missing User Warnings

High
Confidence: 98%
Finding
This reference file operationalizes image-based detection of cosmetic procedures and medical/aesthetic history without any guardrails around consent, privacy, uncertainty, or the inadvisability of inferring sensitive health-related information from appearance alone. In the context of a skill explicitly marketed to judge whether someone has 'had work done' and assign a 'naturalness score,' the omission materially increases the risk of invasive profiling, defamation, harassment, and non-consensual medical inference.

Ssd 4

Medium
Confidence: 93%
Finding
The workflow systematically escalates from visual inspection to sensitive identity/body inferences and culminates in a 'naturalness score,' which encourages speculative judgments about a person's body and identity. This framing can normalize invasive biometric-style assessment and increase the likelihood of stigmatizing, demeaning, or privacy-invasive outputs, especially for third-party subjects.

VirusTotal

66/66 vendors flagged this skill as clean.
