
Security audit

Image Craft

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only image generation skill. Its main risks are the expected processing of user-supplied images by platform image tools, an explicitly authorized `web_search` step, and overly broad activation triggers, not hidden code or privileged access.

Reasonable to install for image generation. Avoid providing sensitive personal, confidential, or regulated images unless you are comfortable with platform image tools analyzing them, and be aware that generic image-related words may activate the skill when your request is ambiguous.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%

Finding
The skill metadata and description present the capability as image generation, but the workflow explicitly authorizes `web_search` for cities, brands, and movie scenes. This creates a scope mismatch that can surprise users and reviewers, and may cause unintended outbound data access or policy bypass if user inputs are sent to external lookup tools without clear disclosure.

Vague Triggers

Severity: Medium
Confidence: 88%

Finding
The trigger keywords include broad everyday terms such as 'room,' 'product,' 'brand,' 'scene,' and '3D,' which can cause the skill to activate for ordinary conversations unrelated to the user's intent. Over-broad activation increases the chance of unintended tool use, accidental prompt routing, and unexpected processing of user content.

Vague Triggers

Severity: Medium
Confidence: 91%

Finding
The routing logic maps generic words like 'city,' 'room,' 'scene,' 'brand,' and 'style' directly to generation categories without sufficient disambiguation. In context, this makes the skill more dangerous because it can automatically proceed toward image generation, UI flows, image analysis, or web search based on ambiguous language that commonly appears in normal chat.
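The two trigger findings above describe a keyword router that fires on bare nouns. The added example below is not the skill's own routing code; it uses the keyword list quoted in the findings, but the category table, the intent word lists, and the chat utterances are constructed for this illustration. It contrasts the naive word-match router the findings describe with a gated router that only routes when a generation verb and an image noun co-occur with the keyword, and asks the user to clarify when more than one category matches instead of guessing.

```python
"""Over-broad skill triggers: naive keyword routing vs. intent-gated routing.

Added example, not code from the audited skill. The keywords are those the
findings quote; everything else (routes, intent words, sample chat) is made up
for the demonstration.
"""
import re

# Trigger keywords quoted in the findings, each mapped to a hypothetical
# generation category in the way the third finding describes.
NAIVE_ROUTES = {
    "city": "cityscape",
    "room": "interior",
    "scene": "movie_scene",
    "brand": "brand_asset",
    "style": "style_transfer",
    "product": "product_shot",
    "3d": "render_3d",
}

# Constructed intent vocabulary: a request must contain one verb AND one noun
# from these sets before a trigger keyword is allowed to route anywhere.
INTENT_VERBS = {"generate", "create", "draw", "render", "make", "design", "illustrate"}
IMAGE_NOUNS = {"image", "picture", "photo", "illustration", "mockup", "poster", "logo"}

# Constructed chat lines: three ordinary messages, three real image requests.
SAMPLE_CHAT = [
    "Can you book a meeting room for 3pm?",
    "What's the best city to visit in March?",
    "Our brand guidelines need a refresh, any thoughts?",
    "Generate an image of a rainy city street at night",
    "Create a product photo of a ceramic mug on a wooden table",
    "Please draw a picture of a cozy room in a cabin in the city",
]


def tokens(text):
    """Lower-cased alphanumeric word set; '3d' survives as one token."""
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def naive_router(text):
    """Activate on any trigger keyword and return the first matching category.

    This is the behaviour the findings warn about: 'room' in a calendar
    request is enough to start an image-generation (or web_search) flow.
    """
    words = tokens(text)
    for keyword, category in NAIVE_ROUTES.items():
        if keyword in words:
            return category
    return None


def gated_router(text):
    """Route only on explicit image-generation intent.

    Returns ("ignore", None) when no keyword matches or intent is absent,
    ("clarify", [categories]) when several categories are plausible, and
    ("route", category) for an unambiguous request.
    """
    words = tokens(text)
    matched = [kw for kw in NAIVE_ROUTES if kw in words]
    if not matched:
        return ("ignore", None)
    has_intent = bool(words & INTENT_VERBS) and bool(words & IMAGE_NOUNS)
    if not has_intent:
        # Keyword present but no generation intent: stay out of the way.
        return ("ignore", None)
    if len(matched) > 1:
        # Ambiguous: ask the user rather than picking a category by dict order.
        return ("clarify", sorted(NAIVE_ROUTES[kw] for kw in matched))
    return ("route", NAIVE_ROUTES[matched[0]])


def false_activations(router, utterances):
    """Count benign utterances on which a router would activate."""
    count = 0
    for u in utterances:
        result = router(u)
        fired = result is not None and result != ("ignore", None)
        count += fired
    return count


if __name__ == "__main__":
    for line in SAMPLE_CHAT:
        print(f"{line!r:65} naive={naive_router(line)!s:14} gated={gated_router(line)}")
    benign = SAMPLE_CHAT[:3]
    print("naive false activations:", false_activations(naive_router, benign))
    print("gated false activations:", false_activations(gated_router, benign))
```

On the three benign lines the naive router activates every time; the gated router activates on none of them, routes the two unambiguous requests, and returns a clarify prompt for the last line, where both 'room' and 'city' appear. The gate is a co-occurrence heuristic, not language understanding; the point is that a skill's trigger specification should require evidence of intent, and should surface ambiguity to the user, before it is allowed to hand their text to image tools or an external lookup.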

VirusTotal

64/64 vendors rated this skill clean (0 detections).
