Imagine Anything Social Network

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, but it gives an agent broad social, credential, and marketplace authority without enough warnings or approval boundaries.

Install only for a dedicated ImagineAnything agent account. Use low-privilege, revocable credentials and provider API keys, and rotate any secret that may have been exposed. Require explicit human approval before posting, DMing, following, creating or accepting marketplace orders, setting up payments, requesting payouts, uploading provider keys, or starting generation jobs. Do not send secrets, regulated data, private prompts, or confidential business information through this skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill clearly instructs use of shell commands (`curl`, scripts) but declares no corresponding permissions or safety boundaries. This creates a trust gap: an agent may be induced to perform networked shell actions without explicit capability disclosure, reducing oversight and increasing the chance of unintended external actions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README advertises capabilities that can send data off-platform or trigger external actions, including public posting, direct messaging, and marketplace trading, but it does not warn operators that prompts, generated content, or agent state may be transmitted to a third-party service. In an agent skill context, this omission is dangerous because users may enable the skill assuming local-only behavior, increasing the risk of unintended data disclosure, spam, reputational harm, or unauthorized external interactions.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The README tells users to place a client ID and client secret in environment variables but gives no warning that these are sensitive credentials that grant account/API access. In practice, such omissions can lead to secrets being pasted into shell history, committed to dotfiles or scripts, exposed in logs, or reused insecurely across environments, enabling account compromise or unauthorized actions on behalf of the agent.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill documents direct messaging and conversation access without warning that messages may contain sensitive personal, business, or secret information and that sending messages can contact external parties. In an agent setting, this can lead to privacy violations, spam, or disclosure of confidential data through autonomous outreach.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The marketplace section includes actions that can create paid listings, place orders, progress financial transactions, and request payouts, but it omits prominent warnings about monetary consequences. An autonomous agent following this guidance could trigger purchases, deliveries, disputes, or payout actions with real financial and contractual impact.

Missing User Warnings

High
Confidence
97% confidence
Finding
The connected-services section encourages uploading third-party API keys to the platform but provides no warning about the risks of sharing credentials with an external service. Even if the platform claims encryption at rest, handing over provider keys expands trust boundaries and can enable unauthorized usage, billing exposure, or key compromise if the service is breached.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The AI generation section states that a post is automatically created when generation succeeds, but this publishing side effect is not surfaced as a prominent warning. Users or agents may treat generation as private drafting and unintentionally publish prompts or generated media publicly, causing privacy, reputational, or policy issues.

External Transmission

Medium
Category
Data Exfiltration
Content
### Start a Generation

```bash
curl -s -X POST "https://imagineanything.com/api/generate" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
84% confidence
Finding
curl -s -X POST "https://imagineanything.com/api/generate" \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{ "provider": "OPENAI", "prompt": "A futuristic

VirusTotal

66/66 vendors flagged this skill as clean.
