Autoglm Image Recognition

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it uploads local images when needed and sends image URLs and prompts to AutoGLM for recognition, with privacy caveats users should understand.

Install only if you are comfortable sending selected images, image URLs, and prompts to AutoGLM. Do not use it for confidential screenshots, IDs, private documents, or sensitive photos unless you are willing for the image to be uploaded to a public URL and processed by an external service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The script hardcodes an application ID and signing key directly in source, which exposes credential-like material to anyone with access to the skill and enables unauthorized use of the upload API. This is especially concerning because the skill description claims only a local token fetch is needed, so the embedded signing material is unexpected and broadens the attack surface beyond the advertised trust model.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill instructs users to upload local images to a public URL before analysis, but provides no warning that the image may become externally accessible or expose sensitive contents. This is dangerous because users may unknowingly publish private documents, screenshots, IDs, or personal photos to a public location.

Missing User Warnings

Medium
Confidence: 95%
Finding
The workflow and output instructions omit any warning that image contents and prompts are transmitted to third-party recognition infrastructure. In context, this is especially risky because the skill is designed for OCR-like extraction and image description, which commonly involve sensitive visual data such as documents, screens, or personal photos.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script sends user-controlled image URLs and prompts to a third-party external API, which can expose sensitive image content, embedded secrets in URLs, or private user instructions without any explicit notice or consent flow. In this skill context, the risk is heightened because the metadata explicitly instructs users to upload local files and then process them through a public URL, increasing the chance that private local content is unintentionally disclosed to external services.

Missing User Warnings

Medium
Confidence: 91%
Finding
The script transmits arbitrary local file contents to a remote third-party endpoint with no explicit confirmation, no warning about data leaving the machine, and no validation that the selected file is safe to upload. In the context of an agent skill that instructs users to run this helper on local files, this increases the risk of accidental exfiltration of sensitive documents, credentials, or private images.

Missing User Warnings

Medium
Confidence: 88%
Finding
The script silently retrieves an authorization token from a local HTTP service and uses it for remote API access without clearly informing the user. Even though the token source is localhost, undisclosed token harvesting and transmission create a hidden trust dependency that could misuse locally scoped credentials or surprise users about what identities and permissions are being exercised.

VirusTotal

65/65 vendors flagged this skill as clean.