Ellya--Your Virtual Companion

Security checks across malware telemetry and agentic risk

Overview

The skill has a coherent image-companion purpose, but it asks for and stores unusually sensitive photo-derived body and identifying details without enough user control or retention guidance.

Install only if you are comfortable sending selected photos and prompts to Google GenAI and storing generated images, base photos, and style notes on disk. Avoid using private, identifying, or sensitive photos unless the skill adds clearer consent, deletion, and recipient-checking controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Context-Inappropriate Capability

Medium, 95% confidence
Finding
The prompt explicitly instructs the model to perform highly detailed analysis of intimate body attributes, including chest, buttocks, waist-to-hip ratio, skin tension, and other physiological details, without any clear legitimate purpose or safety boundary. This creates a capability for sexualized or invasive body scrutiny that can be misused for harassment, objectification, or analysis of sensitive imagery, especially where age or consent is unclear.

Context-Inappropriate Capability

Medium, 91% confidence
Finding
The prompt asks for precise mole locations, faint veins, tattoo details, and other uniquely identifying bodily markers beyond what is necessary for ordinary image styling or composition analysis. Those details can enable invasive profiling or re-identification from images, particularly when combined with other contextual information.

Vague Triggers

Medium, 87% confidence
Finding
The phrase "take a selfie" is a broad natural-language trigger with no explicit activation boundary, confirmation step, or examples of when the skill should not run. In a conversational agent, this can cause unintended invocation from ordinary dialogue or quoted text, leading to unplanned image generation and downstream actions such as file creation and media sending.

Vague Triggers

Medium, 84% confidence
Finding
The trigger "make a photo set" is similarly ambiguous and lacks constraints on who requested it, whether the user intended to invoke the skill, and whether multiple outbound media messages should be sent. Because it initiates multi-image generation and transmission, accidental activation has higher operational and privacy consequences than a purely informational action.

Vague Triggers

Medium, 90% confidence
Finding
The request table presents several broad conversational phrases as direct triggers without contextual safeguards, creating a pattern of overbroad activation design. In a social or companion skill, these phrases are especially likely to appear in normal conversation, increasing the chance of unintended execution and media handling.

Missing User Warnings

Medium, 88% confidence
Finding
The README instructs users to upload photos and save derived style data and generated images to local directories, but it does not disclose retention, overwrite behavior, or how sensitive images are stored. This creates a privacy and data-handling risk because personal photos and inferred appearance/style information may persist on disk beyond user expectations.

Missing User Warnings

Medium, 86% confidence
Finding
The instructions tell operators to send generated images through OpenClaw using channel and target values from conversation context, but provide no warning about verifying recipients, consent, or transmission of potentially sensitive media. If misrouted or triggered unintentionally, personal or synthetic images could be exposed to the wrong recipient or channel.

Missing User Warnings

Medium, 91% confidence
Finding
The skill instructs the agent to persistently modify `SOUL.md` and save uploaded appearance images as runtime state, but it does not require explicit disclosure or consent for those durable changes. In a companion/personalization context, silent persistence of identity and uploaded media can surprise users, retain sensitive personal data longer than expected, and create privacy and integrity risks if the user did not intend permanent storage.

Missing User Warnings

Medium, 94% confidence
Finding
The skill tells the agent to analyze uploaded photos and store derived style profiles in `styles/` without any privacy notice, retention policy, or consent gate. Because uploaded photos may reveal biometric, aesthetic, or other personal information, deriving and storing reusable style descriptors without warning can expose users to unexpected profiling and long-term data retention risks.

Missing User Warnings

Medium, 91% confidence
Finding
The code uploads image content to an external AI service during scene/character extraction without any explicit user disclosure or consent checkpoint. In a media-processing skill, reference images may contain sensitive biometric or personal context, so silent transmission creates a real privacy and data-handling risk.

Missing User Warnings

Medium, 93% confidence
Finding
The analyze flow sends the provided image to an external AI API using a prompt loaded from disk, but does not clearly warn the user that their image leaves the local environment. Because image analysis can expose personal, confidential, or regulated data, the lack of disclosure is a meaningful privacy vulnerability.

Missing User Warnings

Medium, 93% confidence
Finding
The generation flow transmits reference images and prompts to an external model API with no explicit notice about network transfer. Since prompts and images can contain sensitive personal information, users may unknowingly disclose data to a third party.

Missing User Warnings

Medium, 92% confidence
Finding
Series generation silently uploads the reference image and derived prompt/context data to an external AI service. In this skill, the feature is centered on identity-preserving image generation, which makes the privacy risk more serious because biometric likeness and scene details are intentionally extracted and reused.

VirusTotal

65/65 vendors flagged this skill as clean.
