ClawHub

remove-bg

Security checks across malware telemetry and agentic risk

Overview

This is a local image background-removal skill, but it automatically launches the generated file in a system viewer without making that clear in the main instructions.

Review before installing if you do not want skills to launch local applications automatically. The image conversion itself is local and purpose-aligned, but users should consider removing or disabling the auto-open block, or only run it with trusted input and output paths.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
try:
        import subprocess, sys
        if sys.platform.startswith('win'):
            subprocess.run(['start', str(out_path)], shell=True, check=False)
        elif sys.platform.startswith('darwin'):
            subprocess.run(['open', str(out_path)], check=False)
        else:
Confidence
92% confidence
Finding
subprocess.run(['start', str(out_path)], shell=True, check=False)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
if sys.platform.startswith('win'):
            subprocess.run(['start', str(out_path)], shell=True, check=False)
        elif sys.platform.startswith('darwin'):
            subprocess.run(['open', str(out_path)], check=False)
        else:
            subprocess.run(['xdg-open', str(out_path)], check=False)
    except Exception as e:
Confidence
82% confidence
Finding
subprocess.run(['open', str(out_path)], check=False)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
elif sys.platform.startswith('darwin'):
            subprocess.run(['open', str(out_path)], check=False)
        else:
            subprocess.run(['xdg-open', str(out_path)], check=False)
    except Exception as e:
        print('Failed to open image:', e)
Confidence
82% confidence
Finding
subprocess.run(['xdg-open', str(out_path)], check=False)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The module documentation describes only background removal and PNG saving, but the implementation also launches the output in an external viewer. This mismatch is security-relevant because hidden side effects reduce user consent and transparency, making the skill more dangerous in automated or agent-executed contexts where users rely on the description to understand behavior.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
A simple image background-removal tool has no strong functional need to launch external applications, so the subprocess-based viewer opening is unjustified and increases attack surface. In the context of an agent skill, such hidden execution is more dangerous because it can trigger local GUI actions or external handlers unexpectedly during automated runs.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal