Photography Photo Scoring (Aesthetic Scorer)

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a real photo-aesthetic scorer, but its privacy guarantees and default saving of detailed image analysis need review before installation.

Install only if you are comfortable running third-party local ML dependencies and having detailed analyses of your photos saved by the agent for later retrieval. Avoid sensitive images unless your host agent and storage are acceptable for that data, and prefer explicit invocation such as naming the skill when asking for aesthetic scoring.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Intent-Code Divergence

Medium, 93% confidence
Finding
The README makes strong privacy/security claims such as '100% local processing', 'no data transmission', and 'works completely offline', but the documented installation process requires cloning external GitHub repositories and downloading model weights from releases. Even if runtime inference is local, these statements are misleading because users must fetch unpinned third-party code and artifacts over the network, creating supply-chain and trust risks and causing users to overestimate the skill's privacy/offline guarantees.

Context-Inappropriate Capability

Medium, 95% confidence
Finding
The instruction to always generate and save a full detailed evaluation in the background introduces hidden persistence beyond the user's immediate request. That can cause unnecessary retention of image-derived content and analysis, increasing privacy exposure and creating a covert stateful behavior that users may not expect when asking for a one-time photo score.

Intent-Code Divergence

Medium, 93% confidence
Finding
The file claims that all processing is '100% local' while also stating that evaluation text is generated by an AI agent, which may not be strictly local in many deployments. This is a misleading privacy/security assurance: users may share sensitive photos under the false belief that no image content or derived analysis could leave the device.

Vague Triggers

Medium, 84% confidence
Finding
The trigger examples are extremely broad phrases like 'Evaluate this photo' and 'Analyze this picture', which can overlap with normal user conversation and unintentionally activate the skill outside a deliberate opt-in context. In an agent ecosystem, ambiguous invocation can cause unintended processing of user images or routing to this skill when the user did not specifically request it, increasing privacy and consent risk.

VirusTotal

63/63 vendors flagged this skill as clean.
