Smart Photo Editor

Security checks across malware telemetry and agentic risk

Overview

This is a coherent photo-editing skill that uses expected image tools and disclosed cloud AI services, with privacy and rights-use caveats users should understand.

Install only if you are comfortable with photo-editing requests potentially using cloud AI services such as VolcEngine Ark/Seedream. Avoid sending sensitive personal photos unless that matches your privacy expectations, and use watermark/logo removal only on content you have rights to edit.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill documents reading user-supplied image files and processing local paths, but the manifest does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: users and the platform may not realize the skill can access local files, and future implementations may read broader filesystem locations than intended.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README says Chinese prompts are automatically translated to optimized English, but does not clearly warn users that their prompt content may be transformed before processing and potentially routed through external AI tooling. This creates a transparency and privacy risk because users may unknowingly disclose sensitive information in prompts that are altered or sent beyond the local environment.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README advertises automatic use of Seedream AI and fallback behavior without clearly telling users when uploaded images may be processed by external services. For a photo-editing skill, images often contain personal, biometric, or sensitive content, so silent routing to third-party AI materially increases privacy and data-governance risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README includes watermark/logo removal as a supported capability without any warning about legal, contractual, or rights-related misuse. While the functionality is not inherently malicious, presenting it without guardrails can facilitate improper removal of attribution, copyright notices, or ownership indicators.

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The skill imposes automatic translation of Chinese prompts to English without user opt-in, which changes user input semantics and can affect privacy, accuracy, and user expectations. In this context, prompt transformation is more dangerous because the skill may also interact with external AI services, compounding the risk of unintended disclosure or altered task execution.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list uses broad everyday phrases such as 'edit image', 'restore', 'fix', 'crop', and 'resize', which can cause the skill to activate in unrelated conversations. Unintended activation is risky here because the skill can invoke local tools and external APIs on user images, potentially causing unwanted file handling or data transfer.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The top-level skill description emphasizes AI editing but does not clearly disclose that some features send user images to the external VolcEngine Ark API. This can mislead users about data handling and cause sensitive photos to be transmitted off-device without sufficiently prominent notice or informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.
