图片姬

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent image-prompt and visual-design skill, with some broad triggers and confirmation-skip shortcuts users should use deliberately.

Install if you want an agent to help create image prompts and visual-design outputs. Use explicit commands when skipping confirmation, review inferred style/audience/structure before using the generated prompt for important work, and avoid giving the skill sensitive files or private reference material unless you intend those details to be used in generated prompt files or browser-backed workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium (94% confidence)
Finding
The trigger metadata is very broad ('图像prompt生成、插图创作、风格定制、视觉设计、系列图像统一、图片生成', roughly: image prompt generation, illustration creation, style customization, visual design, series image consistency, image generation) and does not define clear activation constraints, so the skill may be invoked in many loosely related contexts. Because the skill also has Read/Write/Edit and BrowserUse permissions, overbroad activation increases the chance it is selected when not necessary, expanding attack surface and creating opportunities for unintended file access, content modification, or web actions.

Vague Triggers

Medium (91% confidence)
Finding
The phrase "直接生成" (roughly "generate directly") is common natural language and is mapped to a privileged fast path that skips the normal confirmation step. This can cause unintended mode switching when a user is speaking casually, leading the agent to generate outputs before the user has reviewed inferred parameters or safety-relevant assumptions.

Vague Triggers

Medium (93% confidence)
Finding
The phrase-matching rules are broad and context-free, allowing ordinary user utterances to be interpreted as binding workflow commands. In an agent setting, this increases the chance of accidental or adversarial prompt steering, where embedded or quoted text can switch modes, select options, or bypass deliberation without clear user intent.

Missing User Warnings

Medium (89% confidence)
Finding
Allowing the workflow to skip confirmation and directly produce a prompt removes an important user-verification checkpoint. In this skill, the system autonomously infers style, audience, structure, and other parameters, so bypassing review makes incorrect, unsafe, or manipulable inferences more likely to be acted on without user awareness.

VirusTotal

65/65 vendors flagged this skill as clean.