Amazon Product Image Suite

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed wrapper for a third-party image-generation CLI, with real credential and upload risks but no artifact-backed deception or malicious behavior.

Install only if you are comfortable using dLazy's CLI and cloud service. Review the @dlazy/cli package/source first, use npx or an environment variable if you do not want a persistent global install or saved API key, and upload only product media you are willing to send to dLazy's servers.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The skill directs the agent to install and use an external CLI and later explicitly frames the agent as able to execute terminal commands to perform the task. That creates a real trust-boundary violation: a content-generation skill causes code/package execution, remote API access, credential handling, and potential local file interaction, all of which are materially riskier than the stated design task requires.

Intent-Code Divergence

Medium
Confidence: 91%
Finding
The documentation minimizes risk by claiming the skill itself will not exceed scope, but the described behavior includes uploading local media, sending prompts to remote endpoints, and persisting API keys locally. This misleading framing can cause users or agents to underestimate the real data-exfiltration and secret-handling risks and proceed without appropriate safeguards.

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The skill claims it will not overreach network or filesystem access, yet its own instructions direct the agent to run a third-party CLI that stores API keys locally and uploads local media to remote endpoints. This mismatch is dangerous because it can mislead operators about the real trust boundary, causing unreviewed credential storage and unintended data exfiltration of local files to external services.

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The manifest presents a narrow image-design skill, but the embedded behavior turns it into a wrapper for executing external terminal commands against a SaaS provider. That gap matters because users may invoke the skill expecting design guidance, not shell execution, package installation, authentication, network access, and remote content transfer.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The skill explicitly requires the agent to execute terminal commands, install or invoke a third-party CLI, and perform synchronous command execution as part of normal operation. In an agent environment, this expands the attack surface from content generation to code/package supply-chain risk, credential handling, local file access, and outbound network operations that are not strictly necessary for a documentation-level image-design skill.

VirusTotal

64/64 vendors flagged this skill as clean.
