Baoyu Imagine

Security checks across malware telemetry and agentic risk

Overview

This skill is an API-based image generator that uses expected provider credentials and uploads prompts or selected reference images to external image services, with no artifact evidence of hidden theft or destructive behavior.

Install only if you are comfortable sending image prompts, prompt files, and any reference images you choose to the configured third-party provider. Avoid using sensitive personal photos, confidential designs, regulated data, or private/internal URLs unless that provider is approved for your use. Store API keys in your normal secret-management process and review any saved EXTEND.md preference file before committing or sharing a project.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Severity: Medium
Confidence: 79%
Finding
The invocation description is broad enough to match common requests like 'generate/create/draw images,' which can cause the skill to trigger in many contexts without clear user intent for external API use. In this skill's context, that broad routing is more risky because invocation can lead to shell execution, configuration file creation, and transmission of user content to third-party image providers.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The skill documentation does not prominently warn that prompts and reference images will be transmitted to third-party provider APIs such as OpenAI, Google, OpenRouter, DashScope, and others. This omission is dangerous because users may provide sensitive text or personal images under the assumption that processing is local, leading to unintended data disclosure to external vendors.

Missing User Warnings

Severity: Low
Confidence: 92%
Finding
The setup flow persists provider and model preferences into project- or user-scoped EXTEND.md, but the instructions do not explicitly warn the user at write time that configuration will be stored on disk and may persist across sessions or projects. While the content described here is mostly non-secret preference data, silent persistence can still surprise users and may expose operational choices in shared repositories or multi-user environments.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
The documentation states that reference images from local files are inlined as base64 and that http(s) URLs are forwarded as-is, but it does not clearly warn users that their image contents or URLs will be transmitted to DashScope. In an image-generation skill, users may supply sensitive local images or internal/private URLs, so silent forwarding can cause unintentional disclosure of personal data, proprietary media, or network-revealing resources.

Missing User Warnings

Severity: Medium
Confidence: 85%
Finding
This skill reads prompts and reference images from local files or stdin, then sends them to third-party image-generation providers during normal operation. That is expected functionality for an image-generation skill, but there is no explicit user-facing consent or warning at the transmission point, so sensitive local content could be unintentionally exfiltrated to external APIs.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
This provider reads user-supplied local reference image files, base64-encodes them, and sends them to the MiniMax API as `subject_reference` without any explicit consent flow, warning, or trust-boundary check in this file. Because reference images may contain sensitive personal or proprietary content, users can unintentionally exfiltrate local data to a third-party service, and the skill context increases risk because image-generation workflows commonly encourage use of local photos as inputs.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The code reads local reference image files, converts them to data URLs, and sends them to the external Seedream API whenever referenceImages are provided. In an image-generation skill, this transfer is functionally expected, but without an explicit user-facing notice or consent checkpoint it creates a real privacy/data-handling risk because sensitive local images may be uploaded to a third-party service unintentionally.

VirusTotal

66/66 vendors flagged this skill as clean.