doc-illustration-by-gpt-image-2

Security checks across malware telemetry and agentic risk

Overview

This is a coherent image-generation skill, but users should be careful because prompts, document details, and chosen reference images can be sent to an OpenAI-compatible provider.

Install only if you are comfortable sending illustration briefs and selected reference images to the configured OpenAI-compatible provider. Use --dry-run first for private design docs, verify OPENAI_BASE_URL before live generation, avoid secrets or confidential architecture details in prompts, and delete JSON sidecars if they contain sensitive project context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3 (Medium)
Category: MCP Least Privilege
Confidence: 90%
Finding: The skill instructs the agent to read environment variables, read local reference files, and invoke a bundled script, but it does not declare those capabilities or bound them with explicit permission requirements. In an agent environment, undeclared access to env/file surfaces can cause unintended secret exposure or broader filesystem interaction than a caller expects.

Vague Triggers (Medium)
Confidence: 78%
Finding: The description is broad enough to activate for many normal documentation or code-explanation tasks, increasing the chance the agent invokes an image-generation workflow when not clearly requested. Over-broad triggering can indirectly expose document contents, design notes, or repo context to an external API without sufficiently specific user intent.

Vague Triggers (Medium)
Confidence: 92%
Finding: The skill enables implicit invocation without any visible trigger constraints, exclusions, or approval gates. In an agent environment, this can cause the image-generation skill to activate on loosely related document tasks and send sensitive technical content, design notes, or repository architecture details to the model/tool without an explicit user request.

Missing User Warnings (Medium)
Confidence: 93%
Finding: This code sends the user-provided prompt and any reference images to a remote image-generation API, but the tool does not present an explicit warning, consent gate, or data-sensitivity check before transmission. In a documentation/engineering context, briefs and images can easily contain proprietary architecture details, internal notes, or sensitive screenshots, so silent external transmission creates a real confidentiality risk.

External Transmission (Medium)
Category: Data Exfiltration
Content (excerpt from the skill):

## Model selection

- Use `gpt-image-2` for official OpenAI and for `https://aihubmix.com/v1`.
- Use `openai/gpt-image-2` for `https://api.ofox.ai/v1`.
- Default back to `gpt-image-2` unless a provider requires a namespaced model name.

## References

Confidence: 93%
Finding: https://api.ofox.ai/

VirusTotal

66/66 vendors flagged this skill as clean.
