Backup image to StarDots

Security checks across malware telemetry and agentic risk

Overview

This skill uploads images to Stardots as advertised, but its uploader uses an unsafe shell command that deserves review before installation.

Install only if you intend selected image attachments to be sent to Stardots. Use a dedicated, least-privilege Stardots API key and storage space, avoid confidential images, and prefer a patched version that uploads through a structured HTTP client instead of interpolating paths and secrets into a shell command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
The skill constructs a shell command with untrusted values such as imagePath and config fields interpolated directly into a curl command passed to tools.exec. If an attacker can influence the attachment path or configuration content, this can lead to command injection and arbitrary command execution, which is significantly more dangerous than the stated image-upload purpose.

Context-Inappropriate Capability

Severity: Medium
Confidence: 84%
Finding:
The skill searches environment variables and a file under the user's home directory for API credentials even though the visible behavior is just handling an upload request. This expands the skill's access to local secrets without explicit disclosure or permission gating, increasing the risk of unintended credential harvesting or misuse if the skill is modified or abused.

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding:
The skill searches multiple credential sources beyond explicit runtime config, including environment variables and a local file in the user's home directory. In an agent context, this broad credential discovery increases the chance of silently using sensitive secrets the user did not intend to expose to the skill, which weakens least-privilege and informed consent.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The skill uploads local image content to an external service based on attachment.path without an explicit user-facing disclosure at the time of transmission. In agent environments, local file paths may reference sensitive files or temporary workspace content, so silent exfiltration to a third-party service creates privacy and data-handling risk.

Missing User Warnings

Severity: Medium
Confidence: 79%
Finding:
Accessing credentials from environment variables and a local config file without clearly informing the user is a risky secret-handling behavior. Even if intended for convenience, it bypasses transparent secret scoping and can surprise users by consuming sensitive local credentials the platform did not explicitly grant to the skill.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill transmits user-supplied image files to a third-party cloud endpoint, but the implementation provides no explicit consent step, warning, or confirmation at upload time. In an agent environment, attachments may contain sensitive metadata or private content, so silent external transfer creates a real privacy and data-handling risk.

Missing User Warnings

Severity: Low
Confidence: 87%
Finding:
The code accesses API credentials from ambient sources without notifying the user, which can cause the skill to operate with secrets the user did not knowingly provide in this interaction. While this overlaps with the broader credential-discovery issue, it remains a valid transparency and consent problem because secret use is hidden from the user.

VirusTotal

66/66 vendors flagged this skill as clean.