ClawHub

批量图像处理工具

Security checks across malware telemetry and agentic risk

Overview

This is a real image-processing skill, but its scripts can turn crafted filenames or options into unintended local shell commands.

Use Review caution before installing. Only run this on trusted folders and filenames, avoid untrusted parameters, verify the external cli-anything-imutils installation source, and prefer a patched version that uses spawn/execFile with argument arrays, validates numeric options, and documents overwrite and batch-delete behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
This script builds a shell command with user-controlled values and executes it via execSync, allowing shell metacharacters in input, output, angle, or scale to break out of the intended command and run arbitrary OS commands. In an image-processing utility, this capability is unnecessary and significantly increases risk because the script is likely to be used on untrusted command-line input in automation or agent contexts.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The README suggests invoking the skill with broad natural-language phrases like 'batch process these images' or 'rotate all product images 90 degrees'. In agent environments, vague trigger phrases can overlap with ordinary user requests and cause the skill to activate unexpectedly, leading to unintended file operations on local images.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README describes commands that read input images and write output images, including batch processing, but does not clearly warn that files will be created or modified on disk. In an agentic context, missing disclosure increases the risk of accidental overwrites, unexpected bulk file generation, or modification of user data when the skill is invoked implicitly or with misunderstood parameters.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill includes batch-processing examples that create directories, write output files, and delete temporary files (`Remove-Item $temp`) without clearly warning users about filesystem side effects, overwrite risks, or deletion behavior. In an agent setting, users may issue high-level requests and the agent could perform destructive or irreversible file operations on large image sets, making accidental data loss plausible.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal