Baoyu Article Illustrator

Security checks across malware telemetry and agentic risk

Overview

This article-illustration skill is mostly coherent, but it needs review because it includes a safety-bypass image prompt and can persist settings and edit article files.

Review before installing. Use it only on articles and reference images you are comfortable duplicating into local prompt, outline, image, and backup files. Prefer project-scoped preferences over user-level preferences unless you want settings reused across projects. Before letting it modify an article, choose the copy or preview path when available and check the proposed image-link changes. The publisher should remove the safety-bypass 'DO NOT refuse' prompt language before this can be treated as low-risk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Context-Inappropriate Capability

Medium (98% confidence)
Finding
The prompt explicitly instructs the model to create 'stylistically similar alternatives' for sensitive or copyrighted figures and says 'DO NOT refuse to generate.' This attempts to bypass normal safety and copyright safeguards, increasing the likelihood of producing infringing or policy-violating content beyond the stated article-illustration purpose.

Description-Behavior Mismatch

Medium (90% confidence)
Finding
The workflow requires discovering and potentially creating persistent configuration in project, XDG, or user home locations before proceeding. That exceeds the stated article-illustration function and creates lasting side effects on the user's environment, which can surprise users and broaden the skill's access to unrelated filesystem areas.

Description-Behavior Mismatch

Medium (97% confidence)
Finding
The workflow instructs editing the source article by inserting image links, but the skill description only says it analyzes articles and generates illustrations. Hidden content modification is dangerous because it can alter user documents without clear, separate consent and may corrupt content or commit unintended changes.

Missing User Warnings

Medium (91% confidence)
Finding
The skill performs filesystem writes and may modify article files, create prompt files, outlines, references, and generated images, but it does not provide an upfront warning at activation time that local files will be created or changed. In an agent setting, this can lead to unexpected persistence and document modification without sufficiently informed user consent, especially because the workflow includes automatic path selection and insertion of markdown image references.

Missing User Warnings

Medium (89% confidence)
Finding
The setup flow explicitly writes persistent preferences to either a project-scoped or user-scoped path, but it does not warn the user that this creates lasting state outside the current interaction. In an agent context, silent or under-disclosed persistence can surprise users, leak preferences across projects, or cause later runs to inherit settings the user did not realize were saved.

Missing User Warnings

Medium (85% confidence)
Finding
The workflow copies user-provided reference images into a references directory as a required processing step without an explicit warning that files will be duplicated and retained. This can expose sensitive images to unnecessary persistence, create extra copies that users do not expect, and increase privacy risk if the workspace is shared or synced.

Missing User Warnings

Medium (88% confidence)
Finding
The workflow saves outline and prompt files, creates backups, and may replace existing outputs, but it does not clearly warn the user that multiple filesystem modifications will occur. Unannounced file creation and backup churn can leak article content into additional artifacts, consume storage, and overwrite or proliferate sensitive material in the working tree.

Missing User Warnings

High (98% confidence)
Finding
Automatically inserting image links into the source article edits the user's original content without an explicit warning or confirmation at the point of modification. This is especially risky because source documents are often version-controlled or authoritative, so silent edits can cause data integrity problems and unintended publication changes.
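The overview's advice to take the copy or preview path and check the proposed image-link changes, and this finding about silent edits to the source article, both come down to one review step: diff the proposed write-back against the original and approve it only if the sole change is the insertion of image references. The following is an added example of that check; it is not part of this report and not the skill's own code. It assumes the skill can emit its result as a separate file rather than editing in place, that the article uses standard markdown inline image syntax, and that links are judged relative to a workspace directory the user names. The two article texts and the function names (`review_proposal`, `non_image_changes`, `classify_target`) are constructed for the example.

```python
import difflib
import re
from pathlib import Path
from urllib.parse import urlparse

# Constructed sample inputs (not taken from the skill): the article as it exists
# on disk, and the version the skill proposes to write back after illustration.
ORIGINAL = """# Why caching matters

Intro paragraph.

## Section one

Body text.
"""

PROPOSED = """# Why caching matters

![Hero illustration](images/hero.png)

Intro paragraph.

## Section one

![Section one](https://cdn.example.com/img/sec1.png)

Body text.
"""

# Markdown inline image: ![alt](target "optional title"); group 1 is the target.
IMAGE_RE = re.compile(r'!\[[^\]]*\]\(([^)\s]+)(?:\s+"[^"]*")?\)')


def image_links(text):
    """All image targets referenced in a markdown document, in document order."""
    return IMAGE_RE.findall(text)


def added_image_links(original, proposed):
    """Image targets the proposed version introduces that the original did not have."""
    before = set(image_links(original))
    return [target for target in image_links(proposed) if target not in before]


def non_image_changes(original, proposed):
    """Added or removed lines that are neither image references nor blank spacers.

    An illustration step should only insert image lines; anything returned here
    means the author's prose was altered and the write-back should be refused.
    """
    changes = []
    for line in difflib.ndiff(original.splitlines(), proposed.splitlines()):
        tag, body = line[:2], line[2:].strip()
        if tag not in ("+ ", "- "):
            continue  # unchanged context or '? ' intraline hint lines
        if body == "" or IMAGE_RE.fullmatch(body):
            continue
        changes.append(line)
    return changes


def classify_target(target, workspace):
    """'remote' for http(s) URLs, 'outside' if the path escapes the workspace, else 'local'."""
    if urlparse(target).scheme in ("http", "https"):
        return "remote"
    root = Path(workspace).resolve()
    candidate = (root / target).resolve()  # absolute targets discard root
    if candidate != root and root not in candidate.parents:
        return "outside"
    return "local"


def review_proposal(original, proposed, workspace):
    """Summarise what a write-back would change so the user can approve or reject it."""
    added = added_image_links(original, proposed)
    return {
        "added_links": added,
        "remote_links": [t for t in added if classify_target(t, workspace) == "remote"],
        "escaping_links": [t for t in added if classify_target(t, workspace) == "outside"],
        "prose_changes": non_image_changes(original, proposed),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(review_proposal(ORIGINAL, PROPOSED, "."), indent=2))
```

Run it with the real files in place of the constructed strings before accepting a write-back: an empty `prose_changes` list and an empty `escaping_links` list are the conditions under which the edit is only what the skill describes, and `remote_links` tells you which references would load from outside the workspace when the article is rendered.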

VirusTotal

VirusTotal findings are pending for this skill version.