Autoglm Search Image

Security checks across malware telemetry and agentic risk

Overview

This image-search skill does what it says, but it automatically uses a local bearer token and sends it with search terms to a remote API without enough control or scope information.

Install only if you trust the publisher and understand the local token service. Running the skill will send your image search terms and a locally obtained bearer token to AutoGLM, so avoid confidential queries and verify that the token is narrowly scoped and short-lived.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 94%
Finding
The skill performs network operations, including calls to an external API and a local HTTP token service, but does not declare any corresponding permissions or user-facing security notice. This creates a transparency and consent problem: the agent may access local credentials and transmit data over the network without explicit disclosure, which increases the risk of unintended token use or data exfiltration.

Missing User Warnings

Medium
Confidence: 96%
Finding
The documentation states that a bearer token is automatically retrieved from a localhost HTTP service and then used for remote API requests, but it does not warn the user that local credentials will be accessed and transmitted. Even though the endpoint is bound to 127.0.0.1, automatic token harvesting from a local service is security-sensitive and can expose privileged credentials to unintended skills or workflows.

Missing User Warnings

Medium
Confidence: 92%
Finding
The script automatically retrieves an authorization token from a local HTTP endpoint and then sends that token along with the user's query to a remote service, but it provides no user disclosure or consent prompt about that data flow. Although the remote API call itself uses HTTPS, the token acquisition occurs over plain HTTP on localhost, which reduces transport assurances and can expose sensitive credentials or query data to local interception, proxying, or misuse by other local processes.

VirusTotal

64/64 vendors flagged this skill as clean.