Kimi K2.5 Vision

Security checks across malware telemetry and agentic risk

Overview

This vision skill mostly does what it claims, but it needs Review because it automatically reuses local API keys, can print a recovered key in full, and uploads images to DashScope.

Install only if you are comfortable sending selected images and prompts to DashScope and allowing the skill to reuse DashScope/OpenClaw API keys. Avoid running it in shared or logged terminals unless the secret-printing line is patched to redact the key, and prefer supplying a dedicated API key explicitly for this skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 88%
Finding
The skill documentation describes capabilities to read environment variables and local OpenClaw configuration files, then use the recovered API key for outbound network requests, but it declares no permissions. That mismatch is security-relevant because it hides sensitive data access and network behavior from reviewers and users, reducing informed consent and increasing the chance of secret exfiltration through an apparently harmless image-recognition skill.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The skill automatically harvests API credentials from unrelated local OpenClaw configuration and cache files instead of requiring an explicit, user-scoped credential input. This broad credential discovery increases the chance of unauthorized use of a locally available secret and makes the skill capable of acting with privileges the user did not intentionally grant for this invocation.

Vague Triggers

Medium
Confidence: 81%
Finding
The trigger condition includes broad natural-language behavior such as activating when the model returns 'no media-understanding provider' or when the user asks for image analysis. Overly broad triggers can cause the skill to run unexpectedly, which is more dangerous here because the skill may access local configuration and secrets and initiate external API calls without a clearly bounded invocation path.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill reads API keys from local config/cache and uploads full image contents to a third-party API without an explicit runtime warning or consent flow. In a skill context, this is sensitive because users may assume local-only image handling while the code silently transmits potentially private screenshots, documents, or UI captures off-host.

VirusTotal

66/66 vendors flagged this skill as clean.
