Taizi Alicloud Ai Image

Security checks across malware telemetry and agentic risk

Overview

This image-generation skill is broadly coherent, but users should be aware it can use local DashScope credentials, write generated images locally, and send requested results back through Telegram/channel messaging.

Install only if you intend to use Alibaba DashScope/Qwen image generation and are comfortable giving the helper access to your DashScope API key sources. Use explicit output paths in a workspace you control, avoid passing sensitive reference-image paths unless intended, and only allow Telegram/channel delivery when you deliberately want the generated image sent back to that requester.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding
The skill documents and enables use of environment variables, local file I/O, and network access, but it does not declare permissions or clearly constrain those capabilities. That mismatch weakens review and sandboxing because downstream systems or users may trust the skill as lower-privilege than it really is, increasing the chance of unintended credential access, file writes, or outbound requests.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding
The skill's stated purpose is image generation, but it additionally instructs the agent to send generated files through a messaging tool to Telegram, including extracting sender identifiers from conversation metadata. This expands the operational scope into cross-channel message delivery and creates a data-exfiltration and confused-deputy risk if an agent follows these instructions without explicit user authorization or strict target validation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal