Prompt Wizard

Security checks across malware telemetry and agentic risk

Overview

Prompt Wizard is mostly a prompt-generation skill, but its library and update flow expose users to review-worthy risks from unsafe example prompts and unpinned local library replacement.

Review before installing. The core prompt helper is understandable, but users should be comfortable with a command that runs a local updater and replaces the library from GitHub, and should avoid or remove examples that support forged records, fake social proof, non-consensual candid imagery, or sexualized young-looking subjects. VirusTotal was still pending and was not used as the basis for this verdict.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (53)


Severity: High
Category: MCP Tool Poisoning
Confidence: 97%
Finding:
The skill is presented primarily as an image-prompt generator, but it also includes a maintenance/update capability that executes an external update workflow and can modify local data and metadata. This broadens the trust boundary from prompt generation into code execution and filesystem/network side effects, which is security-relevant because users may invoke it expecting a read-mostly creative tool.

Severity: Medium
Category: Description-Behavior Mismatch
Confidence: 95%
Finding:
The `/wizard update-library` command explicitly runs a shell script and returns its output verbatim, turning a prompt-writing skill into a code-executing interface. If the script or its upstream content is compromised, or if users do not realize the command has execution side effects, this can lead to unintended remote fetches, local modification, or arbitrary command execution in the skill's environment.

Severity: Medium
Category: Context-Inappropriate Capability
Confidence: 93%
Finding:
Shell-script execution is not necessary for the core user-facing function of generating prompts, so embedding it in this skill increases attack surface without being tightly scoped to the advertised capability. In context, the danger is less about obvious maliciousness and more about unnecessary privilege and side effects hidden behind a creative-tool interface.

Severity: Medium
Category: Description-Behavior Mismatch
Confidence: 89%
Finding:
This prompt goes beyond a simple image-prompt library and instructs a full multi-step production workflow spanning script writing, storyboard generation, transitions, audio composition, and MP4 assembly. In a skill intended for image prompt authoring, including end-to-end automation can cause scope creep into tool orchestration, file generation, and potentially unauthorized external actions if an agent follows it literally.

Severity: Low
Category: Description-Behavior Mismatch
Confidence: 82%
Finding:
The prompt explicitly asks the model to research a topic and make a detailed infographic, which exceeds the declared purpose of generating image prompts. In an agent skill, such instructions can trigger unsupported browsing, fact synthesis, or unverified content generation under the guise of prompt writing.

Severity: Medium
Category: Description-Behavior Mismatch
Confidence: 91%
Finding:
This case expands the skill from prompt-writing assistance into a full production pipeline for storyboard generation, video creation, music synthesis, and MP4 assembly. That scope drift is risky because users and downstream agents may treat the repository as authorization to perform broader media-generation actions than the skill metadata advertises, reducing safety checks and increasing misuse potential.

Severity: Low
Category: Description-Behavior Mismatch
Confidence: 93%
Finding:
The file includes an image-editing prompt that changes the total amount in an image, which is a document-style alteration use case rather than benign prompt ideation. Even as an example corpus, this normalizes deceptive editing capabilities and broadens the skill into manipulation of evidentiary or transactional-looking imagery.

Severity: Medium
Category: Context-Inappropriate Capability
Confidence: 95%
Finding:
This section includes prompts such as generating a 'true masterpiece' image and a social-media screenshot of an influencer, both of which can facilitate forgery, impersonation, or deceptive synthetic media. In a skill positioned as prompt help, showcasing such requests makes risky misuse easier by providing ready-made patterns for fraud-adjacent image generation.

Severity: Medium
Category: Context-Inappropriate Capability
Confidence: 98%
Finding:
The prompt explicitly requests a covert '偷拍' (sneak-shot) photo of a woman on the subway, which is non-consensual voyeuristic imagery. Including it as a case example meaningfully increases harm because it provides concrete phrasing for privacy-invasive and sexualized surveillance-style content unrelated to the skill's stated purpose.

Severity: High
Category: Context-Inappropriate Capability
Confidence: 97%
Finding:
The prompt '帮我生成xxxx真迹图片' (roughly, "generate an authentic original image of xxxx for me") explicitly asks for generation of an image presented as an authentic original work, which facilitates forgery and deception. In an image-prompt skill, shipping such examples normalizes fraudulent use cases and can be directly repurposed to create counterfeit art, documents, or collectibles.

Severity: High
Category: Context-Inappropriate Capability
Confidence: 98%
Finding:
The prompt asks to edit an image so the total amount changes to a specific baht value, which is a classic deceptive document/financial-image manipulation use case. Within a prompt-writing skill, providing this as an example materially increases the chance of fraud, misrepresentation, or tampering with receipts and proof-of-payment artifacts.

Severity: Medium
Category: Context-Inappropriate Capability
Confidence: 93%
Finding:
The prompt explicitly requests a 偷拍 (sneak-shot) candid covert photo of a woman on public transit, which promotes voyeuristic non-consensual imagery. Even if synthetic, this kind of example encourages privacy-invasive and harassment-oriented content that is outside the stated purpose of a prompt-generation skill.

Severity: Medium
Category: Context-Inappropriate Capability
Confidence: 91%
Finding:
The livestream screenshot prompt sexualizes a 'beautiful woman' selling 丝袜和内衣 (stockings and underwear) and includes engagement/heat metrics suggestive of adult-content bait. While not the most severe issue in the file, it embeds sexually suggestive and potentially exploitative content examples unrelated to the skill's stated prompt-assistance purpose.

Severity: Medium
Category: Description-Behavior Mismatch
Confidence: 90%
Finding:
The file is for an image-prompt-writing skill, but this entry instructs a full end-to-end multimedia pipeline: script writing, storyboard generation, transition planning, video generation, music synthesis, and MP4 assembly. That unnecessarily expands the skill's operational scope and can cause downstream agents or wrappers to attempt tool orchestration beyond the declared purpose, increasing misuse and policy-bypass risk.

Severity: Medium
Category: Context-Inappropriate Capability
Confidence: 93%
Finding:
This example encodes a concrete orchestration pattern for chained media generation and final artifact assembly, which is not justified by the skill's stated purpose of generating ChatGPT Image 2 prompts. In agent settings, such latent workflow instructions can be repurposed to trigger unauthorized multi-step execution or capability creep, especially if the surrounding system auto-interprets examples as executable guidance.

Severity: Medium
Category: Description-Behavior Mismatch
Confidence: 95%
Finding:
This section includes prompts for forged or misleading visual artifacts such as fake screenshots and forged 'authentic' images, which can facilitate fraud, impersonation, and deception. In a skill whose stated purpose is prompt-writing for image generation, showcasing such examples normalizes unsafe use cases and may encourage downstream abuse.

Severity: High
Category: Context-Inappropriate Capability
Confidence: 97%
Finding:
The file demonstrates support for creating misleading visual artifacts beyond harmless image prompting, including forged outputs, fake UI/screenshots, and realistic depictions that could be used to deceive viewers. Because the skill is framed as a prompt assistant, these examples can directly enable social engineering, misinformation, and brand/platform impersonation at scale.

Severity: High
Category: Context-Inappropriate Capability
Confidence: 99%
Finding:
This section includes a surveillance-style prompt depicting a '偷拍照片' (sneak-shot photo) of a beautiful woman on the subway, which is privacy-invasive and sexualized. In the context of an image-prompt skill, this is dangerous because it legitimizes non-consensual voyeuristic content generation and could be used to produce harassing or exploitative imagery.

Severity: Medium
Category: Context-Inappropriate Capability
Confidence: 83%
Finding:
The multi-tool animated-short-film pipeline exceeds the declared scope of a skill intended to generate prompts for ChatGPT Image 2, creating capability ambiguity and increasing the chance of unsafe task expansion. While not directly harmful by itself, such scope creep can bypass user expectations and weaken security review boundaries for what the skill is supposed to do.

Severity: Medium
Category: Description-Behavior Mismatch
Confidence: 97%
Finding:
This case library includes a prompt to generate a '真迹' (authentic original work) image, which explicitly suggests creating a forged-looking authentic artwork. In a skill positioned as prompt-writing help, documenting such a use case normalizes deceptive image generation and can enable fraud, forgery, or provenance deception.

Severity: Medium
Category: Description-Behavior Mismatch
Confidence: 95%
Finding:
The documented example edits an image to change a monetary total, which can facilitate receipt, invoice, or proof-of-payment manipulation. Even if framed as coin counting, it demonstrates alteration of financial evidence and exceeds benign prompt-authoring assistance.

Severity: Medium
Category: Description-Behavior Mismatch
Confidence: 89%
Finding:
The file is for an image-prompt-writing skill, but this case explicitly instructs a full multimodal pipeline: script writing, storyboard generation, video clip production, audio scoring, and final MP4 assembly. That scope expansion can mislead the agent into performing actions and tool orchestration beyond the declared skill boundary, increasing the chance of unsafe capability creep and policy bypass through example-driven behavior.

Severity: Medium
Category: Context-Inappropriate Capability
Confidence: 90%
Finding:
The showcased workflow includes video generation and music synthesis capabilities that are unrelated to a prompt authoring skill for still images. In an agent setting, these examples can implicitly authorize broader orchestration behavior, causing the skill to overreach into external generation tasks and output assembly that were never justified or safety-reviewed for this skill.

Severity: Medium
Category: Description-Behavior Mismatch
Confidence: 95%
Finding:
The file is labeled and described as a portrait-prompt case set, but a large section contains unrelated prompt templates for newspapers, magazines, product ads, UI mockups, signage, and collectible-figure scenes. This scope drift weakens policy boundaries and makes the skill more likely to be invoked for unsupported generation tasks, increasing the chance of unsafe or misleading outputs outside its stated purpose.

Severity: High
Category: Context-Inappropriate Capability
Confidence: 99%
Finding:
This prompt explicitly specifies an '18-year-old' girl in an intimate bedroom mirror-selfie context, which sexualizes a barely-adult youthful subject and creates a narrow margin from disallowed sexualized-young-person content. In a prompt library, such examples normalize high-risk age-coded erotic framing and may be adapted toward minors or used to evade safety checks.

VirusTotal

65/65 vendors flagged this skill as clean.
