NexPix — Cloudflare Image Generation

Security checks across malware telemetry and agentic risk

Overview

NexPix is a coherent image-generation skill, but it needs review because its paid fallback can send prompts to EvoLink without a separate confirmation.

Install only if you are comfortable with prompts being sent to Cloudflare and, when an EvoLink key is configured, potentially to EvoLink with per-image cost. Avoid sensitive prompts, monitor or delete the local tracking file if retention matters, and do not rely on the documented workers-ai route as a hard no-paid-fallback control without reviewing or changing the code.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
81% confidence
Finding
The skill requires environment-based secrets such as a Cloudflare API token and optional EvoLink API key, but the manifest does not declare permissions or clearly communicate that secret access is needed. Undeclared secret access weakens reviewability and user consent, making it easier for a skill to access or misuse sensitive credentials without clear authorization boundaries.

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The documented behavior expands beyond simple image generation into local file persistence, tracking, and worker deployment, while also overstating supported interfaces such as CLI and messaging integrations. This mismatch undermines informed consent and security review because users may install the skill expecting only generation functionality, not local data retention or deployment-related capabilities.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill stores generated images and detailed usage history on local disk, but this persistence is not clearly disclosed in the primary description or warning surface. Undisclosed local retention can expose sensitive prompts, generated content, file paths, and usage metadata to other local users, backups, or later compromise.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The generate() error-handling path silently falls back from the free provider to EvoLink, which sends the user's prompt to a different third-party service and may incur paid usage without explicit user confirmation. In a skill context, this is a real trust and spending-risk issue because prompts can contain sensitive data and the fallback also writes generated files locally.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The documentation explicitly states that emitting `MEDIA:<path>` causes generated images to be automatically sent to the active messaging channel without any additional confirmation or delivery logic. In a messaging-integrated skill that generates content from prompts, this creates a real risk of unintended disclosure, spam, or delivery of sensitive/offensive content to the wrong audience if the active channel context is broader than the operator expects.

VirusTotal

64/64 vendors flagged this skill as clean.
