VVMAI Image Generator

Security checks across malware telemetry and agentic risk

Overview

This is an ordinary VVMAI image-generation wrapper. Users should understand that prompts and any images they select are sent to VVMAI, and that some modes write files to local disk.

Install only if you trust VVMAI and the configured VVMAI_BASE_URL with your prompts, API key, and any image you explicitly provide for editing. Avoid sensitive inputs unless you are comfortable sending them to that API, and remember that gpt-image outputs are saved locally even when --save is not passed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 91%
Finding
The skill documentation understates behavior by saying images are not saved locally by default and framing the feature as simple image generation, while the implementation reportedly also supports image editing, remote image fetching, automatic saving for some models, and arbitrary output paths/filenames. This mismatch can mislead users and reviewers about data flows and storage, increasing the risk of unexpected local writes, retrieval of attacker-controlled URLs, and handling of sensitive images without informed consent.

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding
The code forces local persistence for any model whose name starts with "gpt-image" by setting should_save = args.save or args.oss or is_gpt_image, which contradicts the stated behavior that images are not saved locally by default. This can unexpectedly write potentially sensitive generated content to disk, increasing privacy and data-retention risk for users who expected URL-only handling unless they explicitly passed --save.
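The following is an added example, not the skill's own code. It places the save decision quoted in the finding above (should_save = args.save or args.oss or is_gpt_image) beside an opt-in version in which only an explicit flag causes a local write, and adds a hypothetical output-path check for the "arbitrary output paths/filenames" point raised in the first finding. Only the save and oss flags, the is_gpt_image test and the "gpt-image" prefix come from the report; the function names, the path-confinement helper and the sample model names are assumptions.

```python
# Added example, not the skill's own code. The "reported" function mirrors the
# decision the finding describes; the "opt_in" function and the path helper are
# hypothetical hardening. Model names below are constructed; only the
# "gpt-image" prefix is taken from the report.
from pathlib import Path


def should_save_as_reported(model: str, save: bool = False, oss: bool = False) -> bool:
    """The decision the finding describes: any model whose name starts with
    "gpt-image" is written to disk even when --save was not passed."""
    is_gpt_image = model.startswith("gpt-image")
    return bool(save or oss or is_gpt_image)


def should_save_opt_in(model: str, save: bool = False, oss: bool = False) -> bool:
    """Hardened form (hypothetical): only an explicit --save or --oss causes a
    local write; the model name never does. A caller that receives image bytes
    for a gpt-image model without permission to save must keep them in memory
    or fail loudly rather than write them anyway."""
    return bool(save or oss)


def confine_output_path(out_dir: str, requested_name: str) -> Path:
    """Hypothetical hardening for user-chosen file names: the resolved path
    must stay under out_dir. Traversal ("../x"), absolute paths and an empty
    name raise ValueError instead of producing a write outside the directory."""
    base = Path(out_dir).resolve()
    # Joining an absolute requested_name discards base, so the check below
    # catches that case as well as "../" traversal.
    candidate = (base / requested_name).resolve()
    try:
        rel = candidate.relative_to(base)
    except ValueError:
        raise ValueError(f"{requested_name!r} escapes {base}") from None
    if rel == Path("."):
        raise ValueError("empty output file name")
    return candidate


def path_is_confined(out_dir: str, requested_name: str) -> bool:
    """Accept/reject wrapper around confine_output_path."""
    try:
        confine_output_path(out_dir, requested_name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed cases: the second row is the surprise the finding warns about.
    for model, save in (("other-model", False), ("gpt-image-1", False), ("gpt-image-1", True)):
        print(f"{model:12} --save={save!s:5} reported={should_save_as_reported(model, save)!s:5} "
              f"opt_in={should_save_opt_in(model, save)}")
    for name in ("out.png", "../escape.png", "/tmp/abs.png", ""):
        print(f"{name!r:16} confined={path_is_confined('generated', name)}")
```

The point of the opt-in version is that persistence becomes a property of the user's flags alone, so a reviewer can verify the documented "not saved by default" claim by reading one line; the path helper makes the same promise about where a write can land.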

VirusTotal

64/64 vendors flagged this skill as clean. An antivirus verdict covers known malicious code only; it says nothing about the description-behavior and unexpected-local-write issues listed above.
