Image Social Carousel

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed social-carousel image workflow built on the dLazy CLI and cloud API. It includes consent steps before generation, but users should understand that prompts and assets are sent to dLazy and that the install resolves @latest rather than a pinned version.

Install only if you are comfortable using dLazy's CLI and cloud service. Review the @dlazy/cli package and its source first if supply-chain control matters; prefer npx over a global install if you do not want persistent tooling; and do not submit confidential images, unreleased campaign assets, or sensitive API keys unless you trust the provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium, 97% confidence
Finding
The skill is presented as a design workflow, but it also instructs the agent to install and invoke an external CLI that sends prompts and local media to third-party services. This expands the trust boundary from planning into code/package execution and networked data transfer, creating supply-chain, data-exposure, and unintended-command risks if the environment or inputs are not tightly controlled.

Intent-Code Divergence

High, 95% confidence
Finding
The skill presents itself as limited to design decisions and structured intent output, but later directs the agent to draft prompts and execute image-generation commands. This contradiction expands the effective capability boundary of the skill and can cause an agent or reviewer to underestimate that the skill will trigger external command execution and networked content generation.

Description-Behavior Mismatch

Medium, 91% confidence
Finding
A carousel-design workflow skill instructing the agent to execute terminal commands and invoke an external CLI exceeds the least-privilege expectations set by the manifest. In practice, this broadens the attack surface from content planning to local command execution and remote API use, which could be triggered in contexts where a user expects only design assistance.

Context-Inappropriate Capability

Medium, 90% confidence
Finding
The inclusion of terminal command execution is broader than necessary for a skill whose stated purpose is social-media carousel design. Even if the examples target image generation, granting command execution creates unnecessary capability expansion and increases the risk of misuse, prompt injection side effects, or unintended local actions.

Missing User Warnings

Medium, 87% confidence
Finding
The execution instructions tell the agent to run an external image-generation command but do not pair that step with a clear, immediate warning that prompts, assets, and possibly local file paths may be transmitted to third-party services. In a design skill that may handle user-provided images or branding assets, this omission can lead to uninformed data disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.