ClawHub

OATDA Vision Analysis

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward OATDA image-analysis wrapper that discloses its API key use and outbound image requests.

Install only if you trust OATDA and are comfortable sending selected images, screenshots, OCR targets, and prompts to its API and any downstream model provider it uses. Avoid submitting sensitive documents, secrets, regulated data, or private internal screenshots unless that sharing is acceptable, and keep the OATDA API key revocable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
export OATDA_API_KEY="${OATDA_API_KEY:-$(cat ~/.oatda/credentials.json 2>/dev/null | jq -r '.profiles[.defaultProfile].apiKey' 2>/dev/null)}" && \
curl -s -X POST "https://oatda.com/api/v1/llm/image" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $OATDA_API_KEY" \
  -d '{
Confidence
90% confidence
Finding
curl -s -X POST "https://oatda.com/api/v1/llm/image" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $OATDA_API_KEY" \ -d

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal