Cross-border E-commerce Image Generation Tool (跨境电商图片生成工具)

Security checks across malware telemetry and agentic risk

Overview

This is a genuine ecommerce image-generation skill, but it is rated Review because it sends prompts and product images to 1xm.ai without disclosing that clearly, and because it under-discloses a fallback that reads credentials from a fixed local .env path outside its own directory.

Install only if you are comfortable sending product images, prompts, and brand context to 1xm.ai. Before using it, locate the fixed ~/.openclaw/workspace/image-gen-service/backend/.env fallback and remove it or confirm it is acceptable, set the API key deliberately through the environment, and review generated outputs manually for marketplace-policy, IP, and factual product accuracy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (10)

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill advertises strict platform-specific generation, six style routes, and a six-layer compliance review, but those controls are not implemented in the code, and arbitrary underlying model names can be passed straight through to the backend. This creates a dangerous trust gap: users may rely on the claimed safety and compliance guarantees while the skill behaves as a much more general image-generation wrapper, potentially producing policy-violating, infringing, or noncompliant content.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The documentation claims the API key must come from the environment, but the implementation also loads a secret from a fixed local .env path. That discrepancy matters because it silently broadens the script's credential-access scope: the tool may consume secrets from an unrelated workspace file without the user ever having pointed it there.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script reads a hardcoded .env file from another workspace location to obtain API credentials, which exceeds what an image-generation helper should need. In an agent environment, this creates a credential-access capability that can pull secrets from adjacent projects or shared workspaces, increasing the chance of unintended secret disclosure or misuse.

Vague Triggers

Medium
Confidence
86% confidence
Finding
Overly broad trigger phrases can cause the skill to activate on ordinary ecommerce conversations, increasing the chance of unintended processing, file creation, or transmission of user-supplied product images to external services. In this context, accidental invocation matters because the skill is positioned as an automated end-to-end pipeline with external API use and local output writes.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill states that generated images are automatically saved into workspace brand directories, but it does not clearly warn users at the point of use that local files and compliance reports will be created. This can expose sensitive commercial assets, product imagery, or branding data to other local processes, shared environments, or later unintended reuse.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The output-directory section documents predictable local file creation without an explicit warning about disk writes or report storage. Predictable storage paths and silent persistence increase the risk of unintended data exposure in shared workspaces, especially when outputs are organized by brand name and may contain commercially sensitive references.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill instructs users to call an external image-generation service but does not explicitly disclose that prompts and reference images are sent to a third party. Because the skill processes product images and brand-related data, silent transmission can leak proprietary product designs, launch materials, customer assets, or other sensitive business information outside the local environment.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The skill hard-codes culture- and market-specific substitutions such as replacing numbers and colors based on target regions, but the document does not require explicit user opt-in, validation of the target market, or a way to disable these transformations. In an ecommerce image-generation workflow, this can silently alter product details, marketing claims, sizing labels, or branding context in ways the user did not request, creating compliance, misrepresentation, and business-risk issues across markets.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The workflow states that image-generation failures trigger automatic retries up to 10 times, but it does not describe rate limiting, backoff, cost controls, or any user-visible notification or approval. In an API-backed image-generation skill this can amplify accidental or adversarial requests into unnecessary spend, quota exhaustion, or service degradation, especially when the failure is deterministic (a rejected prompt, a bad credential) and further retries cannot succeed.
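The following is an added example, not the skill's own code, showing the difference between the retry behaviour this finding describes and a bounded one. The error classes, call stubs and per-call cost are hypothetical, since the page does not describe how 1xm.ai reports failures or bills requests; the point is that a deterministic failure is never retried, transient failures back off, and total spend is capped independently of the attempt count.

```python
import time


# Hypothetical error classes standing in for API responses; the page does not
# describe 1xm.ai's error format.
class TransientError(Exception):
    """Worth retrying: timeout, 429, 5xx."""


class PermanentError(Exception):
    """Never worth retrying: bad credentials, rejected prompt, validation error."""


def naive_retry(call, max_retries=10):
    """The behaviour the finding describes: retry any failure up to N times,
    with no backoff, no error classification and no spend cap.
    Returns (result, number_of_calls)."""
    calls = 0
    for _ in range(max_retries):
        calls += 1
        try:
            return call(calls), calls
        except Exception:
            continue
    return None, calls


def bounded_generate(call, max_attempts=3, base_delay=0.5, cost_per_call=0.10,
                     budget=1.00, sleep=time.sleep):
    """Retry only transient failures, with exponential backoff, an attempt cap
    and a spend cap. Returns (result, attempts, spent, log)."""
    attempts, spent, log = 0, 0.0, []
    while True:
        if spent + cost_per_call > budget + 1e-9:   # would exceed the budget
            log.append("stop: budget exhausted")
            return None, attempts, spent, log
        attempts += 1
        spent += cost_per_call
        try:
            result = call(attempts)
            log.append(f"attempt {attempts}: ok")
            return result, attempts, spent, log
        except PermanentError as err:
            # Deterministic failure: retrying only burns quota and money.
            log.append(f"attempt {attempts}: permanent ({err}), not retrying")
            return None, attempts, spent, log
        except TransientError as err:
            log.append(f"attempt {attempts}: transient ({err})")
            if attempts >= max_attempts:
                log.append("stop: attempt cap")
                return None, attempts, spent, log
            sleep(base_delay * 2 ** (attempts - 1))   # 0.5s, 1s, 2s, ...


def no_sleep(_seconds):
    """Sleep replacement so the example runs instantly."""


# Constructed call behaviours standing in for the image API.
def always_rejected(attempt):
    raise PermanentError("prompt rejected by policy")


def flaky_then_ok(attempt):
    if attempt < 3:
        raise TransientError("503")
    return "image.png"


def always_503(attempt):
    raise TransientError("503")


if __name__ == "__main__":
    print("naive, rejected prompt:", naive_retry(always_rejected))
    print("bounded, rejected prompt:", bounded_generate(always_rejected, sleep=no_sleep))
    print("bounded, flaky backend:", bounded_generate(flaky_then_ok, sleep=no_sleep))
    print("bounded, dead backend:", bounded_generate(always_503, max_attempts=10,
                                                     budget=0.25, sleep=no_sleep))
```

With a permanently rejected prompt the naive loop makes all ten calls; the bounded version stops after one. A dead backend under the bounded version stops at whichever cap is hit first, and the `log` gives the user-visible trail the finding says is missing.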

Credential Access

High
Category
Privilege Escalation
Content
    if key:
        return key
    env_path = os.path.expanduser(
        "~/.openclaw/workspace/image-gen-service/backend/.env"
    )
    if os.path.exists(env_path):
        with open(env_path) as f:
Confidence
97% confidence
Finding
.env"
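The following is an added example, not the skill's own code, covering the Intent-Code Divergence, Context-Inappropriate Capability and Credential Access findings above. `get_api_key_insecure` reconstructs the quoted pattern (environment variable first, then a silent fallback to the fixed cross-workspace .env); `get_api_key_hardened` accepts only the variable or a file the user names explicitly and fails loudly otherwise. The variable names `IMAGE_GEN_API_KEY` and `IMAGE_GEN_API_KEY_FILE` are hypothetical, since the page does not say which variable the skill reads, and file access goes through an injected `read_file` callback so the example runs against a constructed in-memory filesystem rather than a real home directory.

```python
import os

# Hypothetical names: the page says the documented source is "the environment"
# but does not name the variable.
KEY_VAR = "IMAGE_GEN_API_KEY"
KEY_FILE_VAR = "IMAGE_GEN_API_KEY_FILE"   # explicit opt-in to a secrets file

# The fixed cross-workspace path quoted in the Credential Access finding.
LEGACY_ENV_PATH = "~/.openclaw/workspace/image-gen-service/backend/.env"


def parse_dotenv(text):
    """Minimal KEY=VALUE parser: skips blank and comment lines, strips quotes."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        values[name.strip()] = value
    return values


def get_api_key_insecure(environ, read_file):
    """Reconstruction of the quoted pattern: env var first, then a silent
    fallback to a fixed .env in another workspace. read_file(path) returns
    the file text or None."""
    key = environ.get(KEY_VAR)
    if key:
        return key
    env_path = os.path.expanduser(LEGACY_ENV_PATH)
    text = read_file(env_path)
    if text is not None:
        return parse_dotenv(text).get(KEY_VAR)   # foreign secret, no user intent
    return None


def get_api_key_hardened(environ, read_file):
    """Key comes from the env var or from a file the user names explicitly.
    No fixed path, no search of neighbouring workspaces; fails loudly."""
    key = environ.get(KEY_VAR)
    if key:
        return key
    key_file = environ.get(KEY_FILE_VAR)
    if not key_file:
        raise RuntimeError(f"set {KEY_VAR} or {KEY_FILE_VAR}; no implicit fallback")
    text = read_file(os.path.expanduser(key_file))
    if text is None:
        raise RuntimeError(f"{KEY_FILE_VAR}={key_file} is not readable")
    key = parse_dotenv(text).get(KEY_VAR)
    if not key:
        raise RuntimeError(f"{KEY_VAR} not present in {key_file}")
    return key


def demo():
    """Constructed scenario: nothing is set in the environment, but an
    unrelated project's .env at the legacy path happens to hold a key."""
    fake_fs = {os.path.expanduser(LEGACY_ENV_PATH): f'{KEY_VAR}="sk-from-other-project"\n'}
    insecure = get_api_key_insecure({}, fake_fs.get)   # quietly uses the foreign key
    try:
        get_api_key_hardened({}, fake_fs.get)
        hardened = "should not reach here"
    except RuntimeError as err:
        hardened = str(err)
    return insecure, hardened


if __name__ == "__main__":
    print(demo())
```

The hardened loader keeps the one legitimate convenience (a secrets file) but makes the user name it, which is what the documentation's "from the environment" claim implies; anything the skill reads beyond that is the excess capability the findings describe.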

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal