Back to skill

Security audit

Ima All Ai

Security checks across malware telemetry and agentic risk

Overview

This AI media-generation skill is mostly purpose-aligned, but users should review it because its image-provider, credential, and upload behavior are inconsistently documented.

Install only if you are comfortable sending prompts, selected local media, and API credentials to third-party generation services. Use test or scoped IMA/KIE keys first, avoid sensitive local files, and review/delete ~/.openclaw/logs/ima_skills/ if prompts or file paths should not remain on disk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The manifest says image generation uses the KIE API, but the documented implementation routes image and video operations through IMA infrastructure and a bundled IMA script. This kind of deceptive or inconsistent disclosure is dangerous because users may provide credentials and data under false assumptions about which provider receives prompts, files, and API keys.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The script advertises support for image_to_image, including local/remote input images, but the KIE image-task path does not pass input_image into create_kie_image_task. This can cause users to believe reference images are being used when they are silently ignored, leading to incorrect outputs and unintended transmission of prompts or local files under false assumptions about processing behavior.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
Local file paths are automatically uploaded to a remote CDN, and while comments mention auto-upload, the operational flow can transmit user-local media off host with limited just-in-time consent. In an agent skill context, automatic external upload of local files is more sensitive because users may not realize a local asset is leaving their machine and becoming remotely hosted.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.destructive_delete_command

Documentation contains a destructive delete command without an explicit confirmation gate.

Warn
Code
suspicious.destructive_delete_command
Location
SKILL.md:393