ClawHub

Text To Image

Security checks across malware telemetry and agentic risk

Overview

This skill locally turns text into image files, and its disclosed file-writing behavior fits that purpose, though custom output paths should be used carefully.

Use the default tmp output for routine use. Only provide a custom output path when you intentionally want the generated image written there, and avoid paths that point to existing or sensitive files. Use custom font paths only with font files you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill documentation indicates file read/write capability via a script that writes image files to a tmp directory and can also accept user-controlled output paths. When a skill performs filesystem operations without explicitly declaring permissions, the host may not apply appropriate review or sandbox expectations, increasing the risk of unintended file access or overwrite if the implementation is too permissive.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill manifest says output should be a temporary local file under the skill tmp folder, but the CLI also accepts an arbitrary --output path and writes to it without restriction. In an agent setting, this expands the write primitive beyond the declared boundary and could be abused to overwrite files elsewhere on the host, especially if the agent passes user-influenced paths.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The description is extremely broad and includes many generic phrases in multiple languages, making the skill likely to trigger on common requests beyond a narrowly intended use case. Over-broad invocation increases the chance this file-writing skill is selected in inappropriate contexts, which expands exposure to misuse and can bypass user intent about which tool should handle content.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal