Qwen Skill

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it generates or edits images through DashScope, while saving outputs locally and optionally exposing them through configured media URLs.

Install this only if you are comfortable sending prompts and selected images to DashScope using your API key. Keep OPENCLAW_MEDIA_BASE_URL empty unless you intentionally want generated outputs reachable through a mapped public URL, and consider pinning audited dependency versions for production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill instructs the agent to execute a Python script that uses environment variables, reads and writes local files, and makes outbound network requests, but it does not declare corresponding permissions. That mismatch weakens policy enforcement and informed review, increasing the chance the skill is invoked in environments where its true capabilities are not expected or adequately sandboxed.

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The script does more than image generation: it copies generated images into a persistent outbound directory, can map them to public URLs, and creates HTML viewer pages. In a skill context, that expands the data exposure surface because generated or transformed images may become web-accessible beyond the immediate user session.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill sends user prompts and possibly user-supplied images to the external DashScope API, yet it does not prominently warn about third-party data transmission, retention, or privacy implications. In a skill that handles image inputs and text prompts, this omission can cause unintended disclosure of sensitive local content or personal data to an external provider.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
User prompts and, in img2img mode, local image contents are transmitted to a third-party API without any explicit consent, warning, or privacy notice in the code path. In a skill environment this can surprise users and leak sensitive local media or prompt data to an external service.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
Pillow>=10.0.0
Confidence
94% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
Pillow>=10.0.0
Confidence
95% confidence
Finding
Pillow>=10.0.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
97% confidence
Finding
requests

Known Vulnerable Dependency: Pillow — 10 advisory(ies): CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more

Critical
Category
Supply Chain
Confidence
99% confidence
Finding
Pillow

VirusTotal

65/65 vendors flagged this skill as clean.
