qwenz-image-gen

Security checks across malware telemetry and agentic risk

Overview

This image-generation skill behaves consistently with its documentation: it authenticates with a documented DashScope API key, sends the user's prompt to Alibaba Cloud, and saves the returned images locally.

Install only if you are comfortable sending image prompts to Alibaba Cloud and authenticating with a DashScope API key. Prefer a dedicated, revocable key supplied through an environment variable, keep secrets out of committed TOOLS.md files, and choose --output carefully: an explicit output path can overwrite an existing file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill metadata declares required environment variables but does not explicitly declare the broader capabilities it appears to use, including filesystem reads and network access. Undeclared capabilities reduce transparency and can mislead users about what the skill will access, which is a security issue even if the accesses are expected for API-based image generation.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The documented purpose is image generation, but the behavior reportedly includes reading API credentials from local TOOLS.md and accessing unrelated filesystem paths. Accessing local files beyond the minimum needed for output or explicitly declared configuration expands the trust boundary and can expose sensitive data or enable unintended local data collection.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The script retrieves credentials from TOOLS.md in multiple local paths, which expands secret sources beyond the expected environment variable and can silently access credentials from unrelated workspace files. In an agent-skill context, reading arbitrary local secret-bearing documentation is riskier because users may not realize running an image tool causes local credential discovery and use.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation instructs users to place the API key in plaintext, including in TOOLS.md, without warning about credential sensitivity or safer storage practices. Plaintext secrets in project files are easy to leak through source control, logs, backups, or accidental sharing, which can lead to unauthorized API usage and account abuse.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code reads an API key from a local TOOLS.md file without clearly notifying the user that local files may be inspected for secrets. This creates hidden secret access behavior that violates least surprise and can expose or misuse credentials stored in general documentation files.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The script sends the user prompt to Alibaba Cloud's remote API, but does not provide an explicit warning or consent flow about external transmission of prompt content. In a skill environment, prompts may contain sensitive text, making silent outbound transfer a meaningful privacy and data-handling issue.
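As an added example (not code from the qwenz-image-gen skill, its documentation, or the scanners above), the following Python reconstructs the two behaviours the Context-Inappropriate Capability and Missing User Warnings findings describe, searching several workspace locations for a key inside TOOLS.md and writing to an --output path that may already exist, and places them beside the alternative the Overview recommends: a single declared environment variable as the only credential source, and an O_EXCL create so an existing file is never overwritten. The variable name DASHSCOPE_API_KEY, the TOOLS.md key-line format, the directory list, and the fake key and image bytes are constructed assumptions for illustration only.

```python
"""Credential sourcing and output-path handling for an API-backed image skill.

Added example, not the qwenz-image-gen skill's own code. It reconstructs the
behaviours the findings describe (secret discovery in TOOLS.md, clobbering of
--output) beside a least-surprise alternative. ENV_VAR, the TOOLS.md line
format and the directory list are assumptions.
"""
import os
import re
import tempfile
from pathlib import Path

ENV_VAR = "DASHSCOPE_API_KEY"  # assumed name of the documented variable
# Assumed TOOLS.md line format, e.g. "DASHSCOPE_API_KEY=sk-..." or "dashscope api key: sk-..."
_KEY_LINE = re.compile(
    r"dashscope[_ -]?api[_ -]?key\s*[:=]\s*[\"']?([A-Za-z0-9\-_]{16,})", re.I
)


def find_key_in_tools_md(search_dirs):
    """The pattern the findings flag: walk several workspace locations and pull
    a key out of any TOOLS.md found. Returns (key, path) or (None, None).
    Nothing tells the user which file was read, which is the least-surprise
    problem the report calls out."""
    for d in search_dirs:
        candidate = Path(d) / "TOOLS.md"
        if not candidate.is_file():
            continue
        text = candidate.read_text(encoding="utf-8", errors="replace")
        for line in text.splitlines():
            m = _KEY_LINE.search(line)
            if m:
                return m.group(1), str(candidate)
    return None, None


def load_api_key(environ=os.environ):
    """Hardened: the key comes from one declared source only. No file search,
    so an unrelated TOOLS.md cannot be read without the user's knowledge."""
    key = environ.get(ENV_VAR, "").strip()
    if not key:
        raise RuntimeError(f"{ENV_VAR} is not set; export a dedicated, revocable key")
    return key


def write_image_noclobber(output_path, data):
    """Create the output file only if it does not already exist (O_EXCL), so an
    --output pointing at an existing file raises FileExistsError instead of
    silently overwriting it. 0o600 keeps the image private to the user."""
    fd = os.open(output_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return str(output_path)


def demo():
    """Constructed scenario: a workspace TOOLS.md holding a fake key (not real)."""
    with tempfile.TemporaryDirectory() as ws:
        (Path(ws) / "TOOLS.md").write_text(
            "# notes\nDASHSCOPE_API_KEY=sk-example-not-a-real-key-0001\n", encoding="utf-8"
        )
        found, where = find_key_in_tools_md([ws, Path(ws) / "missing"])
        try:  # hardened loader never consults the file
            load_api_key(environ={})
            without_env = "loaded"
        except RuntimeError:
            without_env = "refused"
        with_env = load_api_key(environ={ENV_VAR: "sk-from-env"})
        out = Path(ws) / "img.png"
        write_image_noclobber(out, b"\x89PNG")  # constructed bytes, not an image
        try:
            write_image_noclobber(out, b"other")
            second_write = "overwrote"
        except FileExistsError:
            second_write = "refused"
        return {
            "insecure_found": found,
            "insecure_source": where,
            "hardened_without_env": without_env,
            "hardened_with_env": with_env,
            "second_write": second_write,
        }


if __name__ == "__main__":
    print(demo())
```

The insecure loader succeeds against a TOOLS.md the user may never have intended as a credential store; the hardened loader fails closed with a message naming the one variable it reads, and the O_EXCL write turns the --output overwrite caveat into an explicit error.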

VirusTotal

66/66 vendors flagged this skill as clean.
