Digen Ai Free

Security checks across malware telemetry and agentic risk

Overview

The media-generation client is plausible, but the package also ships runnable bot/key-issuing components with hardcoded live-looking secrets and weak credential handling.

Install only after reviewing the bundled assets. Do not run the Discord or Telegram bot scripts as-is, do not rely on packaged credentials, and prefer a cleaned version that removes hardcoded secrets, restores TLS verification, avoids plaintext API-key storage, and clearly explains what prompts/files are sent to DigenAI and TinyURL.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (23)

Tainted flow: 'MASTER_API_KEY' from os.getenv (line 31, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
def create_api_key() -> str:
    """Create a new API key using master key"""
    try:
        r = requests.post(
            f"{API_BASE}/b/v1/api-key/create",
            headers={"Authorization": f"Bearer {MASTER_API_KEY}"},
            timeout=30
Confidence
98% confidence
Finding
r = requests.post(
    f"{API_BASE}/b/v1/api-key/create",
    headers={"Authorization": f"Bearer {MASTER_API_KEY}"},
    timeout=30
)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill documentation advertises capabilities that imply network access, environment-variable use, file operations, and possibly script execution, yet no explicit permissions are declared. This creates a transparency and least-privilege problem: users and the host platform may not realize the skill can access secrets, read/write local files, or make outbound requests, increasing the chance of unsafe execution or overbroad trust.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
This is a significant description-behavior mismatch. The skill claims to be an image/video generator, but the documented associated components include API-key issuing bots, persistent user-to-key mapping, master-key-based key creation, use of undocumented/alternate APIs, and exposure of hardcoded secrets; these materially expand the trust boundary and can enable credential leakage, unauthorized key issuance, and abuse of backend services.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The file implements a Discord bot that distributes API keys, while the declared skill purpose is image/video generation. This mismatch is dangerous because it introduces credential issuance functionality that expands the attack surface and can be used to mint or distribute access outside the expected media-generation workflow.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
This code can create new API keys using a master credential, which is a privileged administrative capability unrelated to the stated end-user generation function. In skill context, this is especially risky because a packaged skill should not embed or expose infrastructure for credential minting, and compromise or misuse could lead to uncontrolled account creation and service abuse.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The bot stores a local mapping of Discord users to issued API keys in a JSON file, creating a credential database unrelated to the stated media-generation purpose. If the host is compromised or the file is mishandled, attackers can recover issued keys and correlate them to user identities.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The landing page explicitly advertises text-to-video support, while the skill metadata says that only image generation and video generation via image-to-video are supported. This kind of capability inflation can mislead users and downstream agents into invoking unsupported or differently permissioned behaviors, which is a security and trust issue even though it is primarily deceptive rather than a direct code-execution flaw.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
This file's behavior materially differs from the advertised skill purpose: instead of generating images or videos, it acts as a credential distribution bot. That mismatch increases supply-chain and trust risk because users installing a media-generation skill would not reasonably expect Telegram-based API key provisioning and local credential storage.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The code provisions API credentials tied to Telegram identities, which is unrelated to the core image/video generation behavior described by the skill. This expands the data-collection and account-management surface unnecessarily and could enable unauthorized key issuance, user tracking, or misuse of issued credentials.

Description-Behavior Mismatch

Medium
Confidence
68% confidence
Finding
The metadata says the skill supports image-to-video and text-to-image, but the code also supports text-to-video. That capability mismatch can bypass user or platform expectations about what actions the skill may perform, increasing the chance of unauthorized remote requests and policy evasion.

Vague Triggers

Medium
Confidence
76% confidence
Finding
Very broad trigger phrases such as 'generate image' and 'generate video' can cause the skill to activate on common user requests, potentially routing prompts, files, or images to this external service unintentionally. In context, that matters because the skill performs remote generation and may upload user-supplied content, so accidental invocation can lead to privacy, cost, and consent issues.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation explicitly describes uploading local image files to a remote API but does not clearly warn users that their files will leave the local environment and be transmitted to a third party. This omission undermines informed consent and can expose sensitive images, metadata, or proprietary content to external processing and retention policies.

Missing User Warnings

High
Confidence
99% confidence
Finding
When DM delivery fails in the `mykey` command, the exception handler falls back to sending the embed containing the API key into the originating channel, which may be public. This can immediately expose user credentials to other channel members and enable unauthorized use of the service.

Missing User Warnings

High
Confidence
99% confidence
Finding
The script contains hardcoded live secrets for both a Discord bot token and a master API key, then exports them into the process environment. Anyone who can read the repository, skill package, logs, or process environment may recover these credentials and use them to impersonate the bot, access privileged APIs, or abuse the associated accounts and billing.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The script hardcodes and exports a Telegram bot token and a master API key directly in the file, which exposes live secrets to anyone who can read the repository, logs, backups, or process environment. Because one secret is explicitly named MASTER_API_KEY and the skill is network-enabled, compromise could allow unauthorized bot control and abuse of the upstream DigenAI service account.

Missing User Warnings

Low
Confidence
87% confidence
Finding
Launching the Telegram bot process without any user-facing disclosure hides that running this script will initiate network-connected bot activity using the exported credentials. In this skill context, that is more dangerous because the bot interfaces with Telegram and an external generation API, so users may unknowingly run a persistent network service that can send or receive remote commands.

Missing User Warnings

High
Confidence
99% confidence
Finding
The script hardcodes and exports a Telegram bot token and a master API key directly in plaintext, making them trivially recoverable by anyone with access to the repository, logs, backups, or the local filesystem. Because these secrets appear to grant control over a bot and backend API access for an image/video generation service, exposure could enable unauthorized API usage, account abuse, data access, impersonation, and cost-incurring actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
User API keys are persisted in a local JSON file without protection, which exposes sensitive credentials to other local users, backups, logs, or accidental publication. The lack of disclosure also means users are not informed that their issued secrets and Telegram-linked metadata are being retained.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The bot sends a sensitive master credential in an Authorization header to an external service to create user keys, but this sensitive operation is not clearly disclosed in user-facing behavior. In context, the bigger issue is not that an auth header is used, but that a highly privileged secret is centrally handled by a bot that also distributes downstream credentials.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script accepts a bearer token and session ID directly as positional command-line arguments, which commonly exposes secrets through shell history, process listings, audit logs, and job runners. In this skill’s context, those credentials authorize access to the DigenAI service, so accidental disclosure could let another local user or monitoring system reuse them to submit requests or access the associated account/session.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This function can upload arbitrary local file contents to a third-party API with no built-in confirmation, path restrictions, or explicit disclosure at the call site. In an agent setting, that raises meaningful exfiltration risk if a prompt or higher-level workflow can influence the file path.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The video-generation path sends prompts, image URLs, and optional webhook URLs to an external service without any user-facing disclosure in code. In an agent skill, silent transmission of user prompts and callback endpoints can expose sensitive data or trigger unintended outbound integrations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script requires the API token and session ID as positional command-line arguments, which can expose secrets through shell history, process listings, job control tools, and logging systems. In the context of a skill that accesses a remote media-generation API, leaked credentials could let other local users or monitoring systems reuse the account and consume quota or access associated resources.

VirusTotal

66/66 vendors flagged this skill as clean.
