ClawHub
Back to skill

Security audit

Qwen Logo Designer

Security checks across malware telemetry and agentic risk

Overview

This logo-generation skill does what it claims, but it automatically changes local file and directory permissions and fetches API-returned URLs without validation, so users should review it before installing.

Install only if you are comfortable sending logo prompts to Alibaba DashScope and running a local Python script that writes files. Use a dedicated DashScope API key, avoid sensitive prompts, choose a dedicated output directory, and review or remove the chmod behavior before using it in private directories or shared environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
try:
        # Download using curl
        result = subprocess.run([
            "curl", "-s", "--max-time", "60",
            "-o", tmp_path,
            url
Confidence
96% confidence
Finding
result = subprocess.run([ "curl", "-s", "--max-time", "60", "-o", tmp_path, url ], capture_output=True, timeout=90)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation instructs use of shell execution, environment variables, and local file writes, but it does not declare corresponding permissions. This creates a real security and governance issue because agents or users may invoke capabilities with broader effects than expected, including writing files to user-controlled paths and consuming secrets from the environment without explicit permission review.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The skill states that generated images are automatically saved locally and may use directories derived from environment variables, but it does not clearly warn users before writing to disk or explain the storage implications. While the content being saved is low risk in this logo-generation context, silent local persistence can still surprise users, leak workspace usage patterns, or clutter/overwrite files in unintended locations.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script transmits user prompts and the bearer API key to an external service but provides no explicit runtime warning or consent flow about prompt data leaving the local environment. In agent settings, this matters because prompts may contain confidential business information, and users may not realize their data is being sent to a third party.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal