onedrive-photo-batch

Security checks across malware telemetry and agentic risk

Overview

The skill largely does what it claims, but it needs Review because it can access and change OneDrive photos, reuse cached Microsoft credentials, and send photo contents or OCR text to third-party APIs.

Install only if you intend to grant OneDrive photo access and are comfortable sending selected photos and extracted text to the configured OCR and embedding providers. Keep mode.read_only=true unless you need write actions, use narrow filters and limits, review the Microsoft account and token cache paths before running, and disable embeddings or external OCR for sensitive albums.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill clearly instructs users to run a Python script that performs local file reads/writes and network access to OneDrive, yet the skill metadata does not declare permissions or capabilities. This creates a transparency and governance gap: users or orchestrators may invoke a skill with broader side effects than expected, including cloud deletion, upload, restore, and local recycle-bin persistence.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill sends full image contents from OneDrive to a third-party OCR service, which may expose sensitive personal, corporate, or regulated data outside Microsoft storage boundaries. In this skill context, bulk photo processing increases the danger because large volumes of private images can be transmitted automatically with limited user awareness at execution time.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill transmits OCR-derived text to an external embedding provider without an explicit execution-time warning or consent check. OCR text may contain names, addresses, IDs, financial details, or other sensitive content, so exporting it to another external service creates an avoidable privacy and data-governance risk.

External Transmission

Medium
Category
Data Exfiltration
Content
"log_file": "/root/.openclaw/workspace/tmp/onedrive_photo_batch/skill.log"
  },
  "ocr": {
    "endpoint": "https://api.siliconflow.cn/v1",
    "api_key": "YOUR_SILICONFLOW_API_KEY",
    "default_model": "Qwen/Qwen3-VL-8B-Instruct",
    "prompt": "请进行OCR,逐行输出可见文字,再给三条关键内容摘要。",
Confidence
90% confidence
Finding
https://api.siliconflow.cn/

External Transmission

Medium
Category
Data Exfiltration
Content
},
  "embedding": {
    "enabled": true,
    "endpoint": "https://api.siliconflow.cn/v1",
    "api_key": "YOUR_SILICONFLOW_API_KEY",
    "model": "BAAI/bge-m3",
    "timeout_sec": 60
Confidence
88% confidence
Finding
https://api.siliconflow.cn/

VirusTotal

67/67 vendors flagged this skill as clean.
