电商直播贴片生成器 / Ecommerce Livestream Overlay Generator

Security checks across malware telemetry and agentic risk

Overview

The skill's core function is ecommerce image generation, but its privacy wording, local-file handling, review-avoidance guidance, and capability-metadata mismatches should be reviewed before installing.

Install only if you are comfortable sending brand, promotion, and optional product-photo data to Volcano Engine and writing output files locally. Use a scoped or revocable API key, confirm the output path before desktop delivery, and do not grant purchase or crypto authority unless the publisher fixes the mismatched metadata and privacy wording.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Severity: High
Confidence: 97%
Finding
The skill claims it does not store or cache user inputs locally, but the documented workflow and code write processed user-supplied product images to disk. This creates a transparency and privacy issue: users may provide proprietary or sensitive product imagery under false assumptions about local handling, leaving residual data on the host filesystem.

Intent-Code Divergence

Severity: Medium
Confidence: 96%
Finding
The file earlier discloses that text prompts and optional user-supplied product photos are sent to Volcano Engine, but this later API note states that no images or personal data are transmitted. That contradiction can materially mislead users about what leaves their machine, undermining informed consent and causing accidental disclosure of proprietary or sensitive product images.

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding
This repeated statement again claims that no images or personal data are transmitted, despite the earlier section documenting optional photo upload to the external API. Repetition increases the chance that users or downstream agents rely on the false assurance and send sensitive commercial assets without understanding the external transfer.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding
The skill instructs the agent to create folders on the user's desktop and open local files/folders via shell commands. That grants filesystem and local application-launch behavior beyond the core image-generation purpose, and if followed blindly could modify the user's environment or trigger unintended local actions without clear consent. In this skill's context, local file delivery is related to the workflow, but using shell-level desktop operations is broader than necessary and increases risk.

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding
The skill claims it will not store, record, or cache user inputs locally or remotely, but later instructs the agent to save generated outputs, create desktop folders, and package zip archives. That mismatch is a transparency and privacy issue because users may rely on the earlier statement while the workflow persists files on disk beyond transient processing.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding
The skill directs the agent to use local OS commands to create folders on the desktop and open files/folders automatically. Even though the goal is delivery, this expands behavior from image generation into host-system interaction, which can surprise users and increases the risk of unintended local actions in environments where the agent has shell access.

Ssd 2

Severity: Medium
Confidence: 93%
Finding
The instruction to avoid review-triggering words by substituting paraphrases is an attempt to evade platform or compliance review heuristics. Even if framed as copywriting guidance, it encourages bypassing moderation controls rather than complying with them, which is risky in an e-commerce marketing context.

VirusTotal

65/65 vendors flagged this skill as clean.