Dynapictures

Security checks across malware telemetry and agentic risk

Overview

This is a real DynaPictures connector, but it gives an agent broad authenticated control, including delete actions and raw API requests, without clear confirmation rules.

Review before installing. Connect only the intended DynaPictures account, require explicit confirmation before any create, update, delete, workspace-level, or proxy API request, and revoke the Membrane connection when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium (89% confidence)
Finding
The manifest description says the skill manages images, users, albums, and tags, but the body also exposes workspace administration and arbitrary API proxying. That mismatch can cause the agent or user to authorize and invoke a broader-capability integration than they reasonably expect, increasing the chance of unintended privileged or destructive operations.

Context-Inappropriate Capability

Medium (95% confidence)
Finding
The proxy-request feature allows direct authenticated access to arbitrary DynaPictures API endpoints through Membrane, bypassing the narrower set of curated actions described elsewhere. In an agent setting, this materially expands the attack surface because prompt-driven misuse could reach sensitive, destructive, or undocumented endpoints without additional guardrails.

Vague Triggers

Medium (78% confidence)
Finding
The invocation description is broad enough that many generic DynaPictures-related requests could trigger the skill, even when the user intent is ambiguous. In combination with the skill's broad operational scope, over-triggering can lead the agent to take actions in a more privileged integration than the user expected.

Missing User Warnings

Medium (91% confidence)
Finding
The documented action set includes destructive operations such as deleting workspaces and generated images, but there is no explicit warning or confirmation guidance. In an agent-driven workflow, that omission increases the risk of accidental data loss or unauthorized destructive execution from an imprecise prompt or misinterpretation.

VirusTotal

63/63 vendors flagged this skill as clean.
