Baoyu Cover Image

Security checks across malware telemetry and agentic risk

Overview

This is a coherent cover-image generator, but it explicitly tells the agent not to refuse sensitive or copyrighted figure requests and keeps prompts/reference artifacts on disk.

Review before installing. Use it only if you are comfortable with local prompt/reference storage and avoid requests involving real people, copyrighted characters, or protected likenesses unless the skill is revised to respect normal refusal and rights-handling safeguards.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The prompt explicitly instructs the model to avoid refusing requests involving sensitive or copyrighted figures and to produce stylistically similar substitutes instead. That is a deliberate refusal-bypass pattern that expands the skill beyond ordinary cover-image generation into policy-sensitive content transformation, creating a path to generate infringing or otherwise disallowed depictions.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrase "make cover" is broad enough to match ordinary requests that may not intend image generation, causing the agent to invoke this skill in the wrong context. Misrouting can lead to unnecessary file writes, preference loading, and image-generation side effects without clear user intent.

Natural-Language Policy Violations

High
Confidence
99% confidence
Finding
The text specifically requires generation of stylistically similar alternatives for sensitive or copyrighted figures while forbidding refusal. This is dangerous because it operationalizes evasion: users can request protected or sensitive subjects and still obtain near-substitute outputs that may violate copyright, publicity, or safety controls.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The workflow instructs the agent to copy user-supplied files into a local `refs/` directory and proceed with processing, but it does not require explicit user notice or consent for local disk writes. Even if the write is operationally useful, silently persisting user-provided images can create privacy and data-handling risks, especially when the files may contain sensitive visual content or metadata.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This section directs the agent to create `refs/extracted-style.md` from conversation or image analysis without informing the user that derived content from their inputs will be written to disk. Persisting extracted descriptions can expose sensitive inferred information and creates an additional stored artifact beyond the original interaction, increasing privacy and retention risk.

Ssd 1

Medium
Confidence
95% confidence
Finding
The instruction reframes sensitive-content handling away from refusal and toward substitution, undermining built-in safety behavior. In a cover-image skill, this is not necessary for core functionality and makes misuse easier by normalizing generation of proxy depictions for content the model might otherwise block.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
| `--aspect <ratio>` | 16:9 (default), 2.35:1, 4:3, 3:2, 1:1, 3:4 |
| `--lang <code>` | Title language (en, zh, ja, etc.) |
| `--no-title` | Alias for `--text none` |
| `--quick` | Skip confirmation, use auto-selection |
| `--ref <files...>` | Reference images for style/composition guidance |

## Five Dimensions
Confidence
87% confidence
Finding
Skip confirmation

Session Persistence

Medium
Category
Rogue Agent
Content
| `--quick` or `quick_mode: true` | 6 dimensions | Aspect ratio (unless `--aspect`) |
| All 6 + `--aspect` specified | All | None |

### Step 3: Create Prompt

Save to `prompts/cover.md`. Template: [references/workflow/prompt-template.md](references/workflow/prompt-template.md)
Confidence
88% confidence
Finding
Create Prompt Save to `prompts/cover.md`. Template: [references/workflow/prompt-template.md](references/workflow/prompt-template.md) **CRITICAL - References in Frontmatter**: - Files saved to `refs/

VirusTotal

65/65 vendors flagged this skill as clean.