phoenixclaw image gen

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate OpenRouter image-generation skill, but any readable local file whose path is passed as --input-image is read, base64-encoded and uploaded to OpenRouter without type, size or location checks, so it needs review before installation.

Install only if you trust this skill with your OpenRouter key and with any file path an agent may pass to --input-image. Use a dedicated OpenRouter key with a spending limit, and do not pass confidential images or arbitrary local paths until the skill adds file type, path and size validation and a clearer upload notice at the point of upload.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The documentation explains that prompts and possibly images are sent to OpenRouter, but it does not clearly warn users that their content is transmitted to a third-party external service. This can lead users to submit sensitive prompts or private images without informed consent, creating privacy, compliance, and data-handling risks that are especially relevant for an image-generation skill processing user-supplied content.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The adapter transmits the user-supplied prompt and optional base64 input image to OpenRouter, which is an external third-party service, but the code shown contains no built-in disclosure, consent, or data-classification guardrail before sending potentially sensitive content off-platform. In an image-generation skill, this is expected functionality rather than malicious behavior, but it is still a real privacy/security issue because users or upstream callers may unknowingly submit confidential prompts or images to an external provider.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
When --input-image is provided, the script reads the local file, base64-encodes it, and sends the full contents to the external OpenRouter service. In a skill whose purpose is image generation this data flow is functionally expected, but the lack of an explicit runtime warning or consent checkpoint increases the risk of unintentional disclosure of sensitive local images, especially when invoked by higher-level agents on a user's behalf.
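The overview asks for file type, path and size validation plus a clearer upload notice, and the findings above describe the read, base64-encode and upload flow that currently has no such checkpoint. The following is an added example of what that guard looks like; it is not code from the phoenixclaw skill or from OpenRouter. Python is used for illustration (the skill's own language is not shown on this page), and the function names, the allowed-root and size limits, the `reason` codes and the `image_url` data-URL part shape are assumptions. The demo inputs are constructed in a temporary directory, one per guard: a PNG-headed file, a renamed .env, a `../` traversal to a file outside the allowed root, and an oversized file.

```python
"""Guards for an --input-image argument before anything is uploaded.

Added example for this review, not code from the phoenixclaw skill or from
OpenRouter. Function names, the allowed-root and size limits, the reason
codes and the image_url data-URL message shape are assumptions.
"""
import base64
import tempfile
from pathlib import Path
from typing import Optional

# Header signatures of the only image types we are willing to upload.
# Sniffing bytes instead of trusting the extension stops a renamed .env or
# private key from being shipped as "photo.png".
_SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
}
MAX_INPUT_BYTES = 4 * 1024 * 1024  # assumed limit; adjust to the provider


class InputImageRejected(ValueError):
    """A guard failed; .reason says which one."""

    def __init__(self, reason: str, message: str):
        super().__init__(message)
        self.reason = reason


def sniff_mime(header: bytes) -> Optional[str]:
    """Map the first bytes of a file to a MIME type, or None if not an image."""
    for sig, mime in _SIGNATURES.items():
        if header.startswith(sig):
            return mime
    if header[:4] == b"RIFF" and header[8:12] == b"WEBP":
        return "image/webp"
    return None


def validate_input_image(path: str, allowed_root: str,
                         max_bytes: int = MAX_INPUT_BYTES) -> dict:
    """Return {"path", "mime", "size"} for an acceptable file, else raise.

    Order matters: confine the path before stat, stat before read, so an
    out-of-tree or oversized file is never opened, let alone encoded.
    """
    root = Path(allowed_root).resolve()
    candidate = Path(path).resolve()  # collapses ../ and follows symlinks
    try:
        candidate.relative_to(root)
    except ValueError:
        raise InputImageRejected("outside_root", f"{path!r} is outside {root}")
    if not candidate.is_file():
        raise InputImageRejected("not_file", f"{path!r} is not a regular file")
    size = candidate.stat().st_size
    if size > max_bytes:
        raise InputImageRejected("too_large", f"{path!r}: {size} bytes > {max_bytes}")
    with candidate.open("rb") as fh:
        header = fh.read(16)
    mime = sniff_mime(header)
    if mime is None:
        raise InputImageRejected("not_image", f"{path!r} is not PNG, JPEG or WebP")
    return {"path": str(candidate), "mime": mime, "size": size}


def upload_notice(info: dict, provider: str = "OpenRouter") -> str:
    """The runtime disclosure the findings ask for: what leaves the machine, and to whom."""
    return (f"Uploading {info['path']} ({info['mime']}, {info['size']} bytes) to "
            f"{provider}, a third-party service. Do not pass confidential images.")


def build_image_part(info: dict) -> dict:
    """Base64-encode only after validation. The data-URL part shape is assumed."""
    b64 = base64.b64encode(Path(info["path"]).read_bytes()).decode("ascii")
    return {"type": "image_url",
            "image_url": {"url": f"data:{info['mime']};base64,{b64}"}}


def run_demo() -> dict:
    """Constructed inputs, one per guard, with a 64-byte limit for the demo."""
    results = {}
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as other:
        ok = Path(root) / "ok.png"
        ok.write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)  # header only, not a real image
        fake = Path(root) / "photo.png"
        fake.write_bytes(b"OPENROUTER_API_KEY=sk-or-example")  # constructed, not a real key
        outside = Path(other) / "private.png"
        outside.write_bytes(b"\x89PNG\r\n\x1a\n")
        traversal = Path(root) / ".." / Path(other).name / "private.png"
        big = Path(root) / "big.png"
        big.write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 100)
        for label, p in [("valid", ok), ("fake", fake), ("outside", traversal), ("big", big)]:
            try:
                info = validate_input_image(str(p), root, max_bytes=64)
                part = build_image_part(info)
                assert part["image_url"]["url"].startswith(f"data:{info['mime']};base64,")
                results[label] = "accepted:" + info["mime"]
            except InputImageRejected as exc:
                results[label] = exc.reason
    return results


if __name__ == "__main__":
    for label, outcome in run_demo().items():
        print(f"{label:8} -> {outcome}")
```

The point of the ordering is that the cheapest and most decisive check runs first: a path that resolves outside the allowed directory is rejected before the file is even stat'ed, and an oversized file is rejected before it is opened, so the only bytes that ever reach `base64.b64encode` are ones that passed every guard. `upload_notice` is what an agent harness should surface (or require confirmation on) before calling the provider.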

VirusTotal

0 of 66 vendors flagged this skill; all 66 reported it clean. Note that this is a malware-signature check and says nothing about the data-flow issues described in the findings above.
