Azure AI Vision

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Membrane-based Azure AI Vision helper with expected network and credential use, but users should review raw proxy requests before approval.

Install only if you are comfortable using Membrane to broker Azure AI Vision authentication and requests. Use the least-privileged Azure connection available, prefer the listed actions, and review any raw proxy request carefully, especially POST, PUT, PATCH, or DELETE.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium
82% confidence
Finding
The manifest advertises broad capabilities like managing data, records, and workflows, while the body documents a much narrower Azure AI Vision image/OCR integration plus generic proxying. This mismatch can cause an agent to invoke the skill in contexts the user did not intend, increasing the chance of over-broad access or unexpected external actions.

Context-Inappropriate Capability

Medium
91% confidence
Finding
The proxy section explicitly permits arbitrary HTTP methods and paths, effectively turning the skill into a general authenticated API tunnel rather than a constrained Azure AI Vision helper. In context, this is riskier because the skill is marketed as a specific vision integration, so an agent may use high-privilege authenticated requests beyond the user's expected scope.

Vague Triggers

Medium
86% confidence
Finding
The activation description is broad enough to match many unrelated requests involving Azure or generic data/workflow tasks, which can cause inappropriate routing to this skill. Because the skill includes connection setup and proxy capabilities, accidental activation can expose authenticated operations the user did not specifically request.

VirusTotal

65/65 vendors flagged this skill as clean.