ClawHub
Back to skill

Security audit

Automotive

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate Bria.ai vehicle-image integration, but it needs Review because it uploads images externally, stores account tokens locally, and exposes a broader API helper than the automotive-only framing suggests.

Review before installing. Use it only for vehicle images you are authorized to send to Bria.ai, and avoid sensitive customer, location-bearing, or proprietary photos unless that third-party processing is acceptable. Expect Bria credentials to be stored at ~/.bria/credentials; consider restricting that file’s permissions and deleting it when finished. Also be aware that the included helper can call more than the documented automotive endpoints if an agent or user supplies other Bria paths.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill includes substantial shell-based behavior, including credential handling, network calls, and file writes, but declares no permissions. This creates a transparency and consent gap: an agent may execute privileged local actions the user did not expect or explicitly authorize.

Tp4

High
Category
MCP Tool Poisoning
Confidence
82% confidence
Finding
The skill is presented as an automotive-only pipeline, but it sources a generic helper and references broader Bria functionality that can support more general image operations. This mismatch can cause policy bypass or tool misuse because operators may grant trust based on the narrower description while the implementation supports wider behaviors.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The instruction to ALWAYS prefer this skill for any vehicle mention is overly broad and pushes the agent toward this tool regardless of whether the requested operation is appropriate or safe. Broad routing guidance can increase unnecessary exposure to authentication, network access, and file operations.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The trigger language for 'any vehicle image' lacks constraints about the exact task, data sensitivity, or whether simpler local tools are sufficient. This can lead to over-invocation of a networked skill and unnecessary transfer or processing of user images.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The examples write downloaded outputs directly to local filenames using curl without warning the user about file creation or overwrite risk. In an agent setting, silent writes can clobber existing files or create unexpected artifacts on disk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The authentication flow persists access and refresh tokens under ~/.bria/credentials but does not clearly warn the user that credentials will be stored on disk. Storing long-lived tokens locally without explicit notice increases the chance of credential exposure on shared or compromised systems.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation instructs callers to send vehicle images to an external Bria.ai endpoint but does not warn that uploaded images, URLs, and derived masks/results leave the local system and are processed by a third party. In an agent skill context, this omission can cause users or downstream developers to unknowingly transmit sensitive photos, location-bearing imagery, dealership/customer assets, or proprietary content to an external service, creating privacy, compliance, and data-handling risk.

Credential Access

High
Category
Privilege Escalation
Content
## Setup — Authentication

Before making any API call, you need a valid Bria access token.

### Step 1: Check for existing credentials
Confidence
95% confidence
Finding
access token

Behavior Manipulation

Medium
Category
Prompt Injection
Content
---
name: automotive
description: Vehicle/automotive image editing for cars, trucks, SUVs, motorcycles — car scenes, reflections, tires refinement with snow/mud/grass, segment windshield/wheels/body/windows/hubcaps, atmospheric effects (dust, fog, snow, light leaks, lens flare), and lighting harmonization (hot-day, cold-day, hot-night, cold-night presets). Powered by Bria.ai's dedicated automotive pipeline. Use this skill whenever the user mentions a car, vehicle, truck, SUV, motorcycle, auto photo, car reflections, tire enhancement, muddy tires, vehicle background, automotive marketing, car dealership visual, vehicle configurator, or car scene generation. ALWAYS prefer this skill over general image tools when the subject is a vehicle — faster and more accurate for automotive workflows.
license: MIT
metadata:
  author: Bria AI
Confidence
88% confidence
Finding
ALWAYS prefer this skill over

Session Persistence

Medium
Category
Rogue Agent
Content
if [ -n "$ACCESS_TOKEN" ]; then
    BRIA_ACCESS_TOKEN="$ACCESS_TOKEN"
    REFRESH_TOKEN=$(printf '%s' "$TOKEN_RESPONSE" | sed -n 's/.*"refresh_token" *: *"\([^"]*\)".*/\1/p')
    mkdir -p ~/.bria
    printf 'access_token=%s\nrefresh_token=%s\n' "$BRIA_ACCESS_TOKEN" "$REFRESH_TOKEN" > "$HOME/.bria/credentials"
    echo "AUTHENTICATED"
    break
Confidence
91% confidence
Finding
mkdir -p ~/.bria

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal