Dlazy Webtoon Adapter

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly harmful, but it mixes a webtoon-writing helper with local command execution, third-party image generation, and stored API credentials in a way users should review carefully.

Install only if you are comfortable with a local npm CLI, a stored dLazy API key, prompts or media being sent to dLazy services, and the agent running explicit dlazy generation commands after your confirmation. Use npx or an environment variable if you do not want a persistent global install or saved key, and review each command before allowing it to run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The skill’s declared purpose is novel-to-webtoon script adaptation, but the later section abruptly instructs the agent to execute terminal commands for image generation using an external CLI. This expands the operational scope from text-only content transformation into code/command execution and networked media generation without clear necessity, increasing the attack surface and enabling unintended tool use under adversarial prompts.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
Image-generation and shell execution capabilities are not justified by the skill’s stated function of adapting novels into webtoon scripts. Unnecessary command execution instructions can be abused to trigger external actions, consume paid API resources, upload data to third-party services, or create a bridge from benign content work into potentially unsafe system interaction.

Intent-Code Divergence

Medium
Confidence: 89%
Finding
The file states that the agent cannot read or write local files and should output content directly in conversation, but later operational instructions direct terminal-based execution through a CLI. This contradiction weakens operator trust and can mislead users or orchestrators about the true capabilities being invoked, causing unsafe assumptions about file, network, and execution boundaries.

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The skill’s declared purpose is web novel to webtoon adaptation, but the later instructions pivot into terminal-driven image generation with a locally installed CLI. This creates a hidden capability expansion: an agent invoked for text adaptation may instead run commands and contact external services, violating user expectations and increasing the risk of unsafe command execution and unintended data disclosure.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
The skill instructs the agent to execute terminal commands using the dlazy CLI for image rendering, even though that capability is not necessary for adapting a novel into a webtoon script. Unnecessary command execution broadens the attack surface by enabling local system actions, use of stored API credentials, and outbound network access under a misleading skill context.

Intent-Code Divergence

Medium
Confidence: 89%
Finding
The file states that the skill cannot read or write local files, yet other sections require a locally installed CLI, local config storage, and terminal execution. This contradiction is security-relevant because it can mislead users and reviewers about the real privileges and data exposure of the skill, especially regarding local credential storage and command side effects.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill directs the agent to run terminal commands on the user’s system, but this behavior is not clearly disclosed in the primary skill description and framing. Hidden or under-disclosed command execution undermines informed consent and can lead users to invoke a seemingly harmless writing skill that actually performs local actions and external API calls.

VirusTotal

64/64 vendors flagged this skill as clean.
