ClawHub

Libvips Image

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate image-processing skill, with the main caution that its setup can install system packages and may run a remote installer for uv.

Review scripts/install.sh before running it, especially on machines where sudo/system package changes matter. Prefer installing uv through a trusted package manager or a verified manual download instead of piping network content directly into a shell, and use a virtual environment for Python dependencies when practical.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill clearly instructs users to run shell commands and wrapper scripts, yet no permissions are declared to reflect that capability. This creates a trust and review gap: consumers may assume the skill is documentation-only or low-risk when it actually drives package installs and command execution on the host.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The installer downloads and executes a third-party shell script to install uv, which expands the skill's behavior beyond installing libvips/pyvips from the local system package managers. Piping remote content directly into a shell creates a supply-chain execution risk: if the remote endpoint, CDN, or TLS trust chain is compromised, arbitrary code runs on the host during installation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation recommends piping code fetched from the internet directly into a shell or PowerShell interpreter. That removes opportunities for integrity verification or human review, so a compromised upstream, MITM, or typo-squatted source could immediately execute arbitrary code on the user's machine.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The one-click installer is described as auto-detecting the OS and installing system libraries and Python packages, but users are not warned that it may alter system state, require elevated privileges, or affect PATH and package sources. That lack of disclosure increases the chance of unsafe execution in sensitive environments.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script executes a remote installer from the network without an explicit, user-facing warning that arbitrary shell code will be fetched and run. Users may reasonably expect a dependency installer to use local package managers, so the lack of disclosure increases the chance of unsafe execution and reduces informed consent.

External Script Fetching

Low
Category
Supply Chain
Content
**Install uv (if not installed):**
```bash
# macOS/Linux
curl -LsSf https://astral.sh/uv/install.sh | sh

# Windows (PowerShell)
irm https://astral.sh/uv/install.ps1 | iex
Confidence
94% confidence
Finding
curl -LsSf https://astral.sh/uv/install.sh | sh

Chaining Abuse

High
Category
Tool Misuse
Content
**Install uv (if not installed):**
```bash
# macOS/Linux
curl -LsSf https://astral.sh/uv/install.sh | sh

# Windows (PowerShell)
irm https://astral.sh/uv/install.ps1 | iex
Confidence
97% confidence
Finding
| sh

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal