Yuanfang HTML Image

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed HTML-based social image generator that fetches user-provided URLs for content and brand assets, with local project caching but no evidence of hidden exfiltration or destructive behavior.

Install this only if you are comfortable with the agent fetching URLs you provide, downloading referenced brand images, and saving brand metadata/logo data in the project cache. Avoid using private or authenticated internal URLs unless you intend that information to be cached locally and possibly shared if the project directory is committed or copied.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (93% confidence)
The trigger phrases include very broad everyday terms like “图片” (image), “封面” (cover), and “海报” (poster), which can cause the skill to activate in many unrelated conversations. Over-broad activation increases the chance that user text or URLs are sent into extraction/rendering flows unexpectedly, leading to unintended network fetches, local caching, or confusing tool use without clear user intent.

Missing User Warnings

Medium (97% confidence)
The skill instructs the agent to automatically fetch user-provided URLs, parse page contents and metadata, and cache extracted brand assets locally, but does not prominently warn users beforehand. This creates a privacy and consent risk because users may not realize external resources will be accessed and stored on disk, potentially including internal, sensitive, or user-specific URLs.

VirusTotal

64/64 vendors flagged this skill as clean.
