gpt-image-2

Security checks across malware telemetry and agentic risk

Overview

This image-generation skill does what it advertises, but it under-discloses that user prompts and an access key are sent over plain HTTP to a hard-coded server.

Review before installing. Only use this with a limited, revocable image-service key and non-sensitive prompts. Be aware that prompts and the key are sent to an undisclosed HTTP backend, and generated image files may remain in the system temporary directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The skill asks the user to submit an access key in chat and then retain it for the full session, but provides no privacy or handling warning. Secrets entered into conversational channels are at risk of logging, accidental replay, display in transcripts, or exposure through prompt/context leakage, making credential compromise more likely.

Missing User Warnings

Severity: Low
Confidence: 77%
Finding:
The skill states that generated images are written to the system temporary directory but does not clearly warn users in the description or workflow that files may persist on shared or monitored systems. On multi-user devices or environments with temp-directory inspection, this can expose sensitive prompt-derived images beyond the intended recipient.

Missing User Warnings

Severity: Medium
Confidence: 99%
Finding:
The script sends the user's access key and prompt to a hard-coded remote server over plain HTTP, which provides no transport encryption or server authentication. An attacker on the network path can intercept or modify requests and responses, exposing credentials, prompts, quota data, and image payloads; the hard-coded raw IP address raises additional trust and spoofing concerns.

Ssd 3

Severity: Medium
Confidence: 95%
Finding:
Instructing the agent to remember the user's access key for the entire session creates a direct secret-handling risk in natural-language context. Session memory may be surfaced in later turns, captured in logs, or unintentionally revealed through debugging, summarization, or prompt-injection style interactions.

VirusTotal

67/67 vendors flagged this skill as clean.