Smart Image Finder

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward image search and download helper, but it will contact external sites and save downloaded images locally.

Install only if you are comfortable with the agent making web requests, sending image search terms or generation prompts to third-party services, and writing downloaded files locally. Use a dedicated download folder, avoid private or secret terms in searches and prompts, protect any Brave API key, and verify content type and source before opening downloaded files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill clearly instructs the agent to execute shell commands (`curl`, `grep`, `jq`, `file`, `ls`) and to download files, but it does not declare those capabilities or permissions. This creates a transparency and policy-enforcement gap: hosts or users may not realize the skill can perform network access and local file writes, increasing the chance of unauthorized execution in sensitive environments.

Tp4

High
Category
MCP Tool Poisoning
Confidence
80% confidence
Finding
The documented behavior goes beyond simple image search by performing local file inspection (`file`, `ls`) and arbitrary URL header probing (`curl -I` against user-supplied URLs). That mismatch matters because it broadens the operational surface to local system interaction and arbitrary network requests, which can be abused for unintended reconnaissance or handling of untrusted content.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README promotes background downloading and API-based fetching as a core feature without warning that the skill transmits user queries to third-party services and writes downloaded content to local files. In an agent context, this can lead to silent exfiltration of sensitive prompts or topics and unintended filesystem changes if the agent uses the documented commands automatically.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The Brave example sends search queries to a third-party API and uses an API key in a shell command, but provides no warning about privacy exposure, credential handling, or the risk of downloading a returned URL from an untrusted domain. In an agent workflow, this makes covert external transmission and unsafe retrieval more likely because users may copy the pattern verbatim.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The AI-generation example sends the full prompt to an external image-generation service without any privacy notice or data-handling caveat. Because prompts may include confidential business context, personal data, or proprietary concepts, the lack of warning is risky in an agent skill intended for autonomous content creation.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The trigger phrases are broad everyday terms like 'find image', 'search photo', and 'download picture', which can cause accidental invocation in unrelated conversations. Unintended activation is risky here because the skill performs network requests and writes downloaded content to disk without an explicit warning gate.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill description presents the tool as a convenient image finder but does not warn that it will contact external services, transmit search queries, and save files locally. This omission reduces informed consent and can expose user prompts, topics, or operational metadata to third parties unexpectedly.

Missing User Warnings

Low
Confidence
94% confidence
Finding
The script accepts an arbitrary user-supplied URL and performs a network request with curl without any warning, restriction, or validation. In an agent context, this can trigger unintended outbound connections, leak IP/network metadata to third parties, and potentially enable access to internal or sensitive endpoints if the URL is attacker-controlled.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
export BRAVE_API_KEY="your_api_key"

# Search images
curl -s "https://api.search.brave.com/res/v1/images/search?q=keyword&count=10" \
  -H "X-Subscription-Token: $BRAVE_API_KEY" | jq '.results[] | {title, url: .properties.url, width: .properties.width}'

# Get first image URL directly
```
Confidence
87% confidence
Finding
https://api.search.brave.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
  -H "X-Subscription-Token: $BRAVE_API_KEY" | jq '.results[] | {title, url: .properties.url, width: .properties.width}'

# Get first image URL directly
curl -s "https://api.search.brave.com/res/v1/images/search?q=SpaceX%20Starship&count=1" \
  -H "X-Subscription-Token: $BRAVE_API_KEY" | jq -r '.results[0].properties.url'
```
Confidence
87% confidence
Finding
https://api.search.brave.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Add delay between requests (1-2 seconds recommended)
for query in "query1" "query2" "query3"; do
  curl -s "https://api.search.brave.com/res/v1/images/search?q=$query&count=1" \
    -H "X-Subscription-Token: $BRAVE_API_KEY" | jq -r '.results[0].properties.url'
  sleep 2  # Wait 2 seconds between requests
done
```
Confidence
84% confidence
Finding
https://api.search.brave.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Search, get first result URL, download
IMG_URL=$(curl -s "https://api.search.brave.com/res/v1/images/search?q=SpaceX%20launch%202025&count=1" \
  -H "X-Subscription-Token: $BRAVE_API_KEY" | jq -r '.results[0].properties.url')
curl -sL -o spacex.jpg "$IMG_URL"
file spacex.jpg
```
Confidence
90% confidence
Finding
https://api.search.brave.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
curl -sL -o starmer-xi.jpg "${IMG_URL}?width=3000&quality=100"

# Option B: Brave search (no browser)
IMG_URL=$(curl -s "https://api.search.brave.com/res/v1/images/search?q=Keir%20Starmer%20Xi%20Jinping%202025&count=1" \
  -H "X-Subscription-Token: $BRAVE_API_KEY" | jq -r '.results[0].properties.url')
curl -sL -o starmer-xi.jpg "$IMG_URL"
```
Confidence
90% confidence
Finding
https://api.search.brave.com/

VirusTotal

65/65 vendors flagged this skill as clean.
