Generate images using Runware API

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Runware image-generation skill that uses a Runware API key, sends prompts to Runware, and saves generated images locally as disclosed.

Install this only if you are comfortable using your Runware account and API credits, sending image prompts to Runware, and allowing generated files plus a remembered output directory on your machine. Before first use, review or clear skill-config.json's last_output_dir and consider installing with pinned, current dependency versions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (11)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documentation describes use of environment variables, filesystem reads/writes, and outbound network access, but no explicit permissions are declared. This creates a transparency and governance gap: an agent may invoke a skill with broader capabilities than users or the platform expect, including reading a local .env file, writing files to Downloads, and sending prompts to an external API. In an agent ecosystem, undeclared capabilities materially increase the risk of unnoticed data access or unsafe execution.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The README explains that prompts are submitted to Runware's API, but it does not prominently warn users that their prompt content is transmitted to a third-party service and may be processed or retained under that provider’s policies. In a skill that may be invoked automatically for user image requests, this creates a meaningful privacy and data-handling risk if users include sensitive, personal, or confidential information in prompts.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrases are extremely broad and overlap with ordinary user language such as 'generate an image' or 'create a picture,' making unintended invocation more likely. That matters here because invocation leads to network calls, use of local secrets, and file creation, so accidental activation could send user content to a third party or perform actions the user did not specifically consent to.

Natural-Language Policy Violations

Low
Confidence
91% confidence
Finding
The instructions explicitly tell the agent not to ask clarifying questions and to execute immediately, bypassing normal user confirmation and reducing opportunities to detect unsafe, ambiguous, or unintended actions. In this skill, immediate execution can trigger external network requests and local file writes, so the lack of opt-in increases the chance of privacy leaks, surprise side effects, and incorrect generation parameters.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
Provide a secure, documented, and testable integration for generating images via the Runware.ai Image Inference API.

IMPORTANT INSTRUCTIONS FOR AGENT:
1. **Do NOT ask the user for the RUNWARE_API_KEY.** The script automatically loads it from the `.env` file in the skill directory.
2. **Do NOT ask clarifying questions** (style, size, etc.) unless the user's prompt is extremely vague. For requests like "generate a man on the moon", use your best judgment for the prompt and run the script immediately.
3. **Execute the script directly.** Do not propose it.
Confidence
87% confidence
Finding
Do NOT ask the user

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
python-dotenv
pytest>=7.0.0
Confidence
98% confidence
Finding
python-dotenv

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
python-dotenv
pytest>=7.0.0
Confidence
99% confidence
Finding
requests>=2.28.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
python-dotenv
pytest>=7.0.0
Confidence
96% confidence
Finding
pytest>=7.0.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
95% confidence
Finding
requests

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
78% confidence
Finding
python-dotenv

Known Vulnerable Dependency: pytest — 1 advisory(ies): CVE-2025-71176 (pytest has vulnerable tmpdir handling)

Low
Category
Supply Chain
Confidence
71% confidence
Finding
pytest

VirusTotal

65/65 vendors flagged this skill as clean.
