Backup image to StarDots

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it uploads images at user-selected local paths to Stardots.io and lists the files stored there. There are privacy and scoping caveats (detailed in the findings below) but no evidence of hidden or malicious behavior.

Install only if you intend to send selected images to Stardots.io. Avoid uploading sensitive images unless you understand Stardots.io retention and link-sharing behavior, and prefer more specific commands such as Stardots upload/list rather than generic file-list requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Vague Triggers

Severity: Medium
Confidence: 83%
Finding
The example triggers are short, generic phrases such as '列出文件' (list files), '帮助' (help), and '显示所有备份文件' (show all backup files), which overlap with ordinary user requests and can cause the skill to activate unexpectedly. In a skill that reads the filesystem and uploads to a cloud service, broad invocation language raises the chance of unintended operations and of file metadata being disclosed to an external service.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The description says the skill uploads images to cloud storage and provides access links, but it does not clearly warn users that this creates externally reachable URLs and copies local files to a third-party service. Missing disclosure matters here because users may treat a "backup" action as private local storage when it actually publishes or exposes content beyond their device.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The skill uploads a user-specified local image file to a third-party remote service, but the interaction and help text do not clearly warn the user that local data will leave the machine and be stored externally. In an agent setting, ambiguous natural-language matching such as 'upload' or 'backup' increases the chance of unintentional exfiltration of sensitive local images or metadata.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The exact trigger "帮助" (help) is extremely generic and is likely to match ordinary requests for help, activating this skill outside its intended backup context. Because the skill has filesystem read access and network upload capability, accidental invocation could expose local image data or lead users into backup-related actions they did not explicitly request.
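As an added illustration of the overly broad trigger pattern in the two Vague Triggers findings above (example code, not part of SkillSpector or of the skill), the following JavaScript lints a list of trigger phrases: it flags a trigger that equals a generic request, or that fails to name both the target service and an action. The keyword lists and the sample trigger list are constructed for the example; the three Chinese phrases are the ones quoted in the findings, and the two service-scoped alternatives follow the overview's advice to prefer "Stardots upload/list" style commands.

```javascript
"use strict";

// Added example, not the scanner's or the skill's own code.
// Constructed keyword lists: a trigger passes only when it names the service
// and an action, and is not one of the generic phrases below.
const SERVICE_NAMES = ["stardots"];
const ACTION_WORDS = ["upload", "list", "backup", "上传", "列出", "备份"];
// Requests a user types for reasons unrelated to this skill (constructed list).
const GENERIC_PHRASES = new Set([
  "帮助", "help",
  "列出文件", "list files",
  "显示所有文件", "show all files",
  "显示所有备份文件", "show all backup files",
]);

// Returns { trigger, ok, reasons } for one trigger phrase.
function lintTrigger(trigger) {
  const text = trigger.trim().toLowerCase();
  const reasons = [];
  if (GENERIC_PHRASES.has(text)) {
    reasons.push("matches a generic request that other skills or plain chat also handle");
  }
  if (!SERVICE_NAMES.some((s) => text.includes(s))) {
    reasons.push("does not name the target service, so it can fire for unrelated requests");
  }
  if (!ACTION_WORDS.some((a) => text.includes(a))) {
    reasons.push("does not name an action (upload/list/backup)");
  }
  return { trigger, ok: reasons.length === 0, reasons };
}

function lintTriggers(triggers) {
  return triggers.map(lintTrigger);
}

// Constructed sample: the three triggers quoted in the findings plus two
// service-scoped alternatives.
const SAMPLE_TRIGGERS = [
  "列出文件",
  "帮助",
  "显示所有备份文件",
  "Stardots upload",
  "stardots 列出文件",
];

for (const r of lintTriggers(SAMPLE_TRIGGERS)) {
  console.log(`${r.ok ? "OK " : "BAD"} ${r.trigger}` + (r.ok ? "" : `: ${r.reasons.join("; ")}`));
}
```

The check is deliberately strict: a phrase that names an action but not the service (列出文件, "list files") is still flagged, because the finding's point is that such phrases are shared with every other file-handling skill and with plain conversation.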

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The manifest states that images are automatically backed up to a remote platform, but it does not clearly warn users at invocation time that local files will be transmitted off-device. In a skill with filesystem-read and network permissions plus API credentials, missing explicit disclosure and consent increases the risk of unintended data exfiltration of sensitive images.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill uploads a local file path extracted directly from the user's message to a remote Stardots service, but it does not present any explicit confirmation, warning, or privacy disclosure before transmitting local data. In an agent setting, this can lead to unintended exfiltration of sensitive local images if a user or upstream prompt ambiguously references a file path.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content
"author": "",
  "license": "MIT",
  "dependencies": {
    "axios": "^1.6.0",
    "form-data": "^4.0.0"
  },
  "devDependencies": {
Confidence: 90%
Finding
"axios": "^1.6.0" is a caret range: any 1.x release at or above 1.6.0 satisfies it, so the installed version is whatever the lockfile records or whatever is newest at install time, not a version fixed by the manifest.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content
"license": "MIT",
  "dependencies": {
    "axios": "^1.6.0",
    "form-data": "^4.0.0"
  },
  "devDependencies": {
    "@types/node": "^20.0.0",
Confidence: 90%
Finding
"form-data": "^4.0.0" is a caret range: any 4.x release at or above 4.0.0 satisfies it. Pinning an exact version and committing a lockfile makes the reviewed dependency tree the one that actually runs.

Known Vulnerable Dependency: axios==1.6.0

Severity: High
Category: Supply Chain
Confidence: 96%
Finding
axios==1.6.0 matched 10 advisories: CVE-2025-62718 (Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF); CVE-2026-42044 (Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `pars); CVE-2026-25639 (Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig); +7 more. The scanner matched against 1.6.0, the floor of the "^1.6.0" range quoted above; the version actually installed is whatever the lockfile resolved (1.6.0 or any later 1.x), so confirm the installed version against each advisory's fixed release rather than assuming the floor.

Known Vulnerable Dependency: form-data==4.0.0

Severity: Critical
Category: Supply Chain
Confidence: 97%
Finding
form-data==4.0.0 matched 1 advisory: CVE-2025-7783 (form-data uses unsafe random function in form-data for choosing boundary). As with axios, 4.0.0 is the floor of the "^4.0.0" range, so check the version the lockfile resolved. form-data is a runtime dependency of a skill whose main function is file upload, so the multipart boundary code the advisory covers is on the skill's main path rather than in an unused transitive dependency.
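The two Unpinned Dependencies findings and the two Known Vulnerable Dependency findings above can be reproduced offline on the quoted package.json fragment. The added example below (not the scanner's or the skill's code) classifies each specifier as pinned or ranged, extracts the range floor the scanner matched against, and then compares the version a lockfile actually resolved with a minimum patched version. The lockfile excerpt is constructed, and the patched-version table is an assumption for illustration (it carries an assumed fix for form-data only and deliberately omits axios); take real fixed versions from the advisories.

```javascript
"use strict";

// Added example, not the scanner's or the skill's own code.
// package.json fragment exactly as the report quotes it.
const PACKAGE_JSON = {
  dependencies: { axios: "^1.6.0", "form-data": "^4.0.0" },
  devDependencies: { "@types/node": "^20.0.0" },
};

// Constructed package-lock.json excerpt (lockfileVersion 3 layout). In this
// sample the install happened to resolve both ranges to their floors.
const PACKAGE_LOCK = {
  packages: {
    "node_modules/axios": { version: "1.6.0" },
    "node_modules/form-data": { version: "4.0.0" },
  },
};

// Assumed minimum patched versions (illustrative; take real values from the
// advisories). axios is absent to exercise the "not configured" path.
const MIN_PATCHED = { "form-data": "4.0.4" };

// "1.6.0" -> [1, 6, 0]; missing components compare as 0.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x > y ? 1 : -1;
  }
  return 0;
}

// A specifier is pinned only when it is a bare x.y.z; anything with ^, ~,
// comparators, wildcards or unions is a range whose floor is its first x.y.z.
function classifySpec(spec) {
  const pinned = /^\d+\.\d+\.\d+$/.test(spec);
  const m = spec.match(/\d+\.\d+\.\d+/);
  return { spec, pinned, floor: m ? m[0] : null };
}

function lintSpecs(pkg) {
  const out = [];
  for (const section of ["dependencies", "devDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      out.push({ section, name, ...classifySpec(spec) });
    }
  }
  return out;
}

function resolvedVersion(lock, name) {
  const entry = lock.packages[`node_modules/${name}`];
  return entry ? entry.version : null;
}

// Compares what the lockfile actually resolved (not the manifest floor)
// against the configured minimum patched version for each runtime dependency.
function auditResolved(pkg, lock, minPatched) {
  return Object.keys(pkg.dependencies).map((name) => {
    const version = resolvedVersion(lock, name);
    const min = minPatched[name] || null;
    let status;
    if (!version) status = "not-in-lockfile";
    else if (!min) status = "no-patched-version-configured";
    else status = compareVersions(version, min) >= 0 ? "patched" : "vulnerable";
    return { name, version, min, status };
  });
}

for (const s of lintSpecs(PACKAGE_JSON)) {
  console.log(`${s.pinned ? "pinned" : "RANGE "} ${s.name} ${s.spec} (floor ${s.floor})`);
}
for (const r of auditResolved(PACKAGE_JSON, PACKAGE_LOCK, MIN_PATCHED)) {
  console.log(`${r.name}@${r.version}: ${r.status}` + (r.min ? ` (min patched ${r.min})` : ""));
}
```

The point of the second pass is the caveat raised in the findings: the manifest floor is what a scanner sees, but the lockfile version is what runs, and the two only coincide when the install resolved the range to its floor, as the constructed lockfile does here.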

VirusTotal

All 66 VirusTotal engines reported this skill clean (0/66 detections). VirusTotal scans the packaged files for known malware; it does not evaluate trigger scope, the missing consent flow, or the off-device transfer described in the findings above, so a clean result does not address those items.
