Ai Media Cli

Security checks across malware telemetry and agentic risk

Overview

This is a coherent guide for installing and using the ai-media CLI with ricebowl.ai, but it involves API keys, paid credits, and remote media generation that users should handle carefully.

Install it only if you intend to use ai-media-generator with ricebowl.ai. Use a dedicated, revocable API key; never paste real keys or config output into chats, logs, screenshots, or CI; and review any recharge or generation command before it runs, because it may spend credits and upload prompts, images, or metadata to the hosted service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers
Medium severity, 88% confidence
The skill description is broad enough to activate on generic install, configuration, or troubleshooting requests without clearly requiring that the request be specifically about the ai-media CLI. Over-broad activation can cause the agent to inappropriately load this skill, steering users toward unnecessary credential setup and platform-specific guidance that may not match their intent.

Vague Triggers
Medium severity, 91% confidence
The activation guidance relies on broad categories like installation, onboarding, and scripting, with only loose suggestions to switch to narrower skills. In practice this increases the chance of misrouting user requests and exposing them to account onboarding and API-key handling flows they did not ask for.

Missing User Warnings
Medium severity, 94% confidence
The onboarding sequence instructs users to create and set an API key but gives no warning about secret handling, shell history, screenshots, or secure storage. Because this skill is specifically for CLI onboarding, the context makes credential exposure more likely and more damaging: users are being guided directly into handling live secrets.

Missing User Warnings
Medium severity, 96% confidence
The example command uses a realistic-looking secret format ('gm_xxx') in a direct key-setting command without a warning that the value is sensitive. This normalizes pasting credentials into terminals and potentially into chat transcripts, logs, recordings, or shell history, increasing the risk of accidental secret disclosure.

Missing User Warnings
Medium severity, 93% confidence
The documentation explicitly tells users to save a managed API key and to print the current configuration, but it does not warn that secrets may be stored in a local config file or echoed back into terminal history, logs, screenshots, or CI output. In a CLI/onboarding skill, this is a real security weakness because users commonly copy-paste commands into shared shells and automation where credential exposure is easy.

Missing User Warnings
Medium severity, 88% confidence
The docs present model listing and media generation as routine commands without disclosing that prompts, images, metadata, and parameters are sent to a remote service (`ricebowl.ai`). That omission can cause users to transmit sensitive business data, personal data, or proprietary media under the false assumption that processing is local, which is especially relevant in an automation-focused CLI skill.

Missing User Warnings
Medium severity, 94% confidence
The documentation instructs users to pass the API key directly on the command line (`ai-media config set-key gm_xxx`) and optionally export it in-shell, but it does not warn that secrets entered this way may be captured in shell history, process listings, terminal logs, or persisted in local config files. In an onboarding guide for a hosted AI platform, this increases the likelihood of accidental credential exposure and subsequent unauthorized API use.
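The key-handling findings above (key passed in argv, key echoed by a config print, key landing in shell history or a loosely permissioned config file) share one remedy. The following is an added example, not code from the ai-media project or ricebowl.ai: a POSIX shell sketch that reads the key from stdin without echo, stores it with owner-only permissions, and redacts `gm_`-style tokens before a config dump is shared. The config directory and the `api_key=` line format are assumptions made for illustration; the `gm_` prefix is the one the page's example command uses, and the real ai-media config location is not shown on this page.

```shell
#!/bin/sh
# Added example, not code from ai-media or ricebowl.ai. Shows how to handle a
# 'gm_...' style API key without putting it in argv, shell history, or shared
# output. Config path and the 'api_key=' line format are assumptions.

# Read the key from stdin with echo disabled, so it never appears in a command
# line (visible to other users via `ps`), in shell history, or in scrollback.
read_key() {
    if [ -t 0 ]; then printf 'API key: ' >&2; stty -echo; fi
    IFS= read -r key
    if [ -t 0 ]; then stty echo; printf '\n' >&2; fi
    printf '%s' "$key"
}

# Write the key to $1/config readable by the owner only. The key arrives as a
# shell function argument (in-process), not as the argv of a new process.
# umask 077 covers the create; chmod 600 covers a pre-existing looser file.
store_key() {
    dir=$1
    key=$2
    (
        umask 077
        mkdir -p "$dir"
        printf 'api_key=%s\n' "$key" > "$dir/config"
    )
    chmod 600 "$dir/config"
}

# Permission bits of a file as an octal string (GNU stat, then BSD/macOS).
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Mask anything that looks like a gm_ key (8+ key characters) in text before
# it is pasted into a chat, ticket, CI log, or screenshot, e.g. a config dump.
redact_keys() {
    printf '%s\n' "$1" | sed -E 's/gm_[A-Za-z0-9_-]{8,}/gm_[REDACTED]/g'
}

# Demo when run as `sh keyhandling.sh demo`: prompt for the key, store it under
# a temporary directory, report the file mode, and print the redacted config.
if [ "${1:-}" = demo ]; then
    dir=$(mktemp -d)
    k=$(read_key)
    store_key "$dir" "$k"
    echo "config mode: $(file_mode "$dir/config")"
    redact_keys "$(cat "$dir/config")"
    rm -rf "$dir"
fi
```

In bash, a leading space with `HISTCONTROL=ignorespace` keeps a command out of history, but the argument is still visible in `ps` for the life of the process, so reading the key from stdin (or from a file created with mode 600) is the safer pattern regardless of which CLI consumes it. Run `redact_keys` over any config output before it leaves the terminal.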

VirusTotal

66/66 vendors flagged this skill as clean.
