Ai Image Prompts

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real image-prompt library, but it automatically updates local files from unpinned GitHub data with insufficient containment.

Install only if you trust the publisher and the GitHub repository it updates from. Prefer an explicit, pinned, or admin-approved update flow, and avoid pasting confidential articles or scripts until the skill documents privacy handling and constrains remote file writes and media downloads.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Context-Inappropriate Capability

Medium (93% confidence)

Finding
The skill instructs the agent to execute shell commands to download remote files and delete local files as part of normal operation, even though its stated purpose is only to recommend prompts. This expands the attack surface from content retrieval into command execution and file handling, enabling remote-content ingestion and filesystem side effects that are unnecessary for core functionality.

Description-Behavior Mismatch

Medium (91% confidence)

Finding
The manifest frames the skill as a static prompt library recommender, but the workflow mandates silent remote synchronization and local data mutation on every run. This is a material behavioral mismatch that can surprise users and operators, and it allows remote content changes to alter the skill's behavior without clear review or consent.

Vague Triggers

Medium (90% confidence)

Finding
The invocation examples are broad, natural-language requests such as common creative or marketing tasks, without clear boundaries for when the skill should activate. In an agent environment, this can cause over-triggering on ordinary user prompts, leading the assistant to invoke the skill unexpectedly and potentially route user requests or context into the skill when the user did not intend that behavior.

Missing User Warnings

Medium (96% confidence)

Finding
The content-illustration flow invites users to paste full article text and says the skill will analyze and remix it, but it does not warn that pasted content may be transmitted, indexed, or otherwise processed during search and customization. This creates a privacy and data-handling risk because users may provide sensitive drafts, proprietary material, or personal information without informed consent.

Missing User Warnings

Medium (94% confidence)

Finding
The skill requires a silent freshness check and possible GitHub pull on every run without a user-facing warning. Silent background network activity is risky because it can fetch changed remote content, create privacy and supply-chain exposure, and bypass user expectations about when external communication occurs.

Missing User Warnings

Medium (90% confidence)

Finding
The workflow mandates downloading remote images to local disk and executing shell cleanup commands without any safety gating, validation, or warning. Even if the commands are simple, this normalizes arbitrary remote file retrieval and local file operations in response to content, increasing exposure to malicious payloads, oversized files, or unsafe path handling patterns in future modifications.

VirusTotal

65/65 vendors flagged this skill as clean.