Re Blog Image

Security checks across malware telemetry and agentic risk

Overview

The skill appears intended to generate blog thumbnails, but it handles credentials and modifies local blog metadata in ways that are broader than the description makes clear.

Review this skill before installing. It is not clearly malicious, and VirusTotal/static scan did not show malware, but it asks an agent to print an API key, source your shell startup file, install packages, send prompts to an image service, and edit matching blog metadata files. Only use it if you are comfortable with those actions, and prefer a version that masks credential checks and asks before changing existing JSON metadata.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium, 95% confidence

Finding: The skill’s declared purpose is image generation, but it also instructs the agent to locate and modify JSON files under ~/blog-meta. This expands scope from creating a new output file to editing existing user data without clearly declaring that behavior, increasing the risk of unintended file tampering or incorrect metadata updates.

Context-Inappropriate Capability

Medium, 97% confidence

Finding: Instructing the agent to source ~/.zshrc grants access to far more than the single API key needed for image generation, potentially exposing unrelated secrets, aliases, shell hooks, or executing arbitrary shell code. For a thumbnail-generation skill, this is broader credential and file access than necessary and creates unnecessary risk.

Context-Inappropriate Capability

Medium, 96% confidence

Finding: The troubleshooting steps instruct the agent to print `NANO_IMAGE_API_KEY` and suggest exporting a raw API key directly in the shell. This can expose credentials in agent output, logs, shell history, or downstream telemetry, which is dangerous because the skill is otherwise just for thumbnail generation and does not require revealing secrets to the user.

Missing User Warnings

Medium, 94% confidence

Finding: The skill explicitly checks for and attempts to retrieve a sensitive API key, including from ~/.zshrc, without warning the user that credential access will occur. Hidden secret access reduces user awareness and consent, and in this context is more dangerous because the skill is framed as simple media generation rather than credential-handling automation.

Missing User Warnings

Medium, 93% confidence

Finding: The skill description says it generates and saves a thumbnail image, but the workflow also writes files and modifies existing JSON metadata under ~/blog-meta. Omitting these side effects from the description can mislead users about the real scope of filesystem changes and makes accidental or unauthorized modification more likely.

Missing User Warnings

Medium, 91% confidence

Finding: The canonical command sends the user-provided topic prompt to an external image-generation service, but the reference gives no warning that prompt contents may leave the local environment. This creates a privacy and data-handling risk if users provide confidential blog topics, client names, unreleased product details, or other sensitive content.

Missing User Warnings

Medium, 97% confidence

Finding: The troubleshooting guidance handles an API key insecurely by telling the agent to display it and by providing copy-paste instructions that normalize direct secret entry in the shell. Without any caution about masking, storage, logs, or history, this significantly increases the chance of credential leakage.

VirusTotal

64/64 vendors flagged this skill as clean.