nano banana text to image in Atlas AI

Security checks across malware telemetry and agentic risk

Overview

This image-generation skill appears purpose-aligned, but it asks to retain an API token and writes/logs generation details without enough user-facing control or disclosure.

Review this skill before installing. Only use it if you are comfortable giving it an AtlasCloud API token, having prompts sent to AtlasCloud, and having generation metadata or URLs written locally. Prefer a disposable or scoped token, rotate it after testing, and avoid using the skill for sensitive prompts unless token storage and logging are changed or clearly controlled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger description is unusually broad and includes generic phrases like 'generate image', 'create image', and 'any request to produce a visual from descriptive text,' plus 'Always use this skill' language. This can cause the skill to activate for requests beyond the user's intended provider or workflow, increasing the chance of unnecessary token collection, unintended external API use, and unexpected data disclosure to AtlasCloud.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill tells the agent to collect and retain the user's AtlasCloud API token but does not instruct it to warn the user about how the credential will be stored, reused, or protected. This creates a credential-handling risk because users may unknowingly allow long-lived storage of sensitive secrets that could later be accessed, misused, or exposed through unrelated operations.

Missing User Warnings

Medium
Confidence: 91%
Finding
The script logs the full polling response on every status check, which can expose sensitive prompt contents, generated asset URLs, job metadata, or other response fields to terminal history, CI logs, or centralized log collectors. In an agent/skill context, these logs may be visible beyond the immediate user, increasing the chance of unintended data disclosure.

Missing User Warnings

Medium
Confidence: 84%
Finding
The script persistently stores the prediction ID, image URL, and timestamp to local files without warning or user consent. In shared environments, agent sandboxes, or developer workstations, this can leave behind sensitive usage artifacts or links to generated content that other users or processes may access.

Ssd 3

Medium
Confidence: 97%
Finding
The skill explicitly directs persistent storage of the user's API token in memory for future reuse. Persisting credentials increases the attack surface by enabling later unauthorized use, accidental disclosure across contexts, or compromise if the memory store is exposed or insufficiently scoped.

VirusTotal

50/50 vendors flagged this skill as clean.
