AI 火宝

Security checks across malware telemetry and agentic risk

Overview

This image-generation skill sends prompts, image URLs, and an API key to a third-party endpoint that is not clearly disclosed in the skill documentation.

Install only if you trust api.chatfire.site with your image prompts, image URLs, generated-image requests, and API key. Use a dedicated revocable key, avoid command-line secrets, do not submit confidential or regulated data, and be aware that the code does not enforce the documented generation-count limit.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 94%
Finding
The documentation explicitly encourages passing the API key via a command-line argument, which can expose the secret through shell history, terminal logging, CI logs, and process listings visible to other local users. In this skill context, the risk is realistic because the examples are meant to be copied directly by users, increasing the chance of credential leakage.

Missing User Warnings

Medium
Confidence: 89%
Finding
The examples show literal `--api-key` usage and encourage sending prompts and image URLs to an external image-generation service without any privacy or data-handling warning. Users may unknowingly submit sensitive prompts, internal URLs, or private images to a third party, creating both credential-exposure and data-leakage risk.

Missing User Warnings

Medium
Confidence: 82%
Finding
The script sends user-supplied image URLs and prompts to a third-party API without clearly warning users that their content is being transmitted off-host. In a skill context, prompts and referenced image URLs may contain sensitive business, personal, or internal data, so silent external disclosure increases privacy and compliance risk.

Missing User Warnings

Medium
Confidence: 89%
Finding
The script transmits both user-supplied prompts and credentials to a third-party service, but the runtime UX does not provide a clear disclosure or confirmation that this external transfer will occur. In agent or skill contexts, silent transmission of potentially sensitive prompts can create privacy and compliance risks, especially when users may assume local processing.

VirusTotal

66/66 vendors flagged this skill as clean.
