Image & Video Generation

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed AI image and video generator that sends prompts and selected media to the DeepSop service, with an optional Feishu notification feature users should configure carefully.

Install only if you are comfortable sending prompts and selected reference images, videos, or audio to AI Artist/DeepSop. Use a revocable API key, avoid sensitive media unless you accept the external upload, monitor paid credit usage, and leave FEISHU_WEBHOOK_URL unset unless you trust that webhook and want prompts plus generated links forwarded there.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (15)

Tainted flow: 'FEISHU_WEBHOOK_URL' from os.environ.get (line 52, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
                }
            }

        response = requests.post(
            FEISHU_WEBHOOK_URL,
            json=content,
            headers={"Content-Type": "application/json"},
            timeout=30
        )
Confidence
97% confidence
Finding
response = requests.post( FEISHU_WEBHOOK_URL, json=content, headers={"Content-Type": "application/json"}, timeout=30 )

Tainted flow: 'content' from requests.post (line 516, network input) → requests.post (network output)

Medium
Category
Data Flow
Content
                }
            }

        response = requests.post(
            FEISHU_WEBHOOK_URL,
            json=content,
            headers={"Content-Type": "application/json"},
            timeout=30
        )
Confidence
93% confidence
Finding
response = requests.post( FEISHU_WEBHOOK_URL, json=content, headers={"Content-Type": "application/json"}, timeout=30 )

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documentation describes capabilities to read environment variables, read/write local files, and make network requests, but it does not declare permissions or constrain when those actions may occur. In an agent environment, this weakens user consent and policy enforcement because the agent may access local files or secrets and transmit data externally without an explicit permission boundary.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The top-level description focuses on image/video generation but omits that prompts and outputs may also be sent to a Feishu webhook. Hidden outbound sharing is dangerous because users may provide private prompts or proprietary media assuming the data only goes to the generation provider.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The Feishu webhook capability is ancillary to the core skill purpose and creates an additional exfiltration surface for user prompts, result URLs, and errors. Extra outbound integrations increase privacy and data-governance risk, especially when they are not essential to image/video generation.

Intent-Code Divergence

Low
Confidence
89% confidence
Finding
download_image claims to download an image, but it will fetch any URL and write arbitrary response bytes to disk without content-type or size validation. If an attacker can influence the URL, this can lead to unsafe file writes, misleading file types, or storage abuse.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README states that local reference images are uploaded automatically, but it does not clearly warn users that local files will be transmitted to a remote third-party service. In a skill that handles user-provided media, this can cause unintended disclosure of sensitive images, embedded metadata, or proprietary content because users may assume processing is local or not realize upload happens before generation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The examples encourage use of local paths such as ./ref.png, ./start.jpg, and ./end.jpg without an adjacent warning that these files will be uploaded to an external service. Example-driven usage strongly shapes user behavior, so omission of the warning increases the chance that users will unknowingly transmit confidential images or videos and any associated metadata.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases include broad everyday expressions such as requests to 'help me draw' or generic image/video wording, which can cause the skill to activate in contexts where the user did not intend to call an external API. In this skill, unintended activation is more dangerous because invocation can consume paid credits and may upload user-provided media to a third-party service.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill states that uploaded local reference images or videos are automatically converted into publicly accessible URLs, but it does not prominently warn users that this is a form of third-party data exfiltration and possible public exposure. This is especially risky because users may supply sensitive personal or proprietary media assuming it stays local to the agent session.

Missing User Warnings

High
Confidence
97% confidence
Finding
The file upload workflow gives a direct example of sending a local file to a remote endpoint and receiving a 'url' that is then reused as an externally accessible asset, but it omits any warning about confidentiality, link sharing, or permanence of exposure. In practice, this can leak private images or videos beyond the user's expectation, and the public URL may be discoverable or forwarded indefinitely.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The guidance explicitly recommends exposing generated images via publicly accessible URLs as the simplest Feishu integration path, but it does not warn that prompts, generated media, and embedded metadata may contain sensitive or user-specific content. In an AI image generation skill, this can lead to unintended disclosure of private or regulated data if outputs are uploaded to public CDN/object storage links by default or reused outside the intended audience.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
When a local reference image/video/audio path is provided, the script automatically uploads that local file to a public URL before generation. This is dangerous because local user content may be exposed externally without a strong, immediate warning at the operation point or confirmation that the file will become remotely accessible.

Ssd 3

Medium
Confidence
98% confidence
Finding
The webhook message body includes raw prompts, generated media links, and failure details in plain text and sends them to an external chat system. Prompts may contain sensitive personal, business, or regulated data, so forwarding them to another service materially expands the confidentiality exposure.

Ssd 3

Medium
Confidence
98% confidence
Finding
In the CLI flow, every prompt is automatically forwarded to Feishu whenever FEISHU_WEBHOOK_URL is configured, with no per-invocation opt-in. This creates silent, broad data disclosure and makes accidental leakage likely in environments where operators set global environment variables.

VirusTotal

66/66 vendors flagged this skill as clean.