ClawHub

Product Photo Guide

Security checks across malware telemetry and agentic risk

Overview

The skill is a non-executable product photography guide, but it repeatedly encourages demographic and body-type matching for models without clear lawful-use guardrails.

Install only if you are comfortable editing its output before use. Treat any model-selection suggestions as optional, avoid specifying or excluding protected traits unless there is a lawful and product-relevant reason, and prefer inclusive representation and use-case fit over demographic mirroring.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The skill repeatedly frames model selection as needing to match buyer demographics, which can steer users toward selecting or excluding people based on protected attributes such as age, gender presentation, or ethnicity without any necessity test or consent/guardrail. In an ecommerce creative workflow, this can normalize discriminatory targeting and produce briefs that operationalize biased audience matching rather than focusing on lawful, product-relevant representation goals.

Natural-Language Policy Violations

Medium
Confidence
97% confidence
Finding
The model-direction section explicitly instructs users to define age range and body type, creating a template that encourages handling sensitive or protected characteristics as routine casting filters. Without policy constraints, this can lead to exclusionary briefs, discriminatory hiring/casting practices, or inappropriate profiling in generated outputs.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The example/common-mistakes guidance reinforces demographic matching as a best practice, increasing the likelihood that users will treat protected-attribute targeting as mandatory rather than exceptional. Because the skill is prescriptive and operational, this context makes the issue more dangerous: it is not abstract discussion, but actionable instruction likely to be copied directly into briefs.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal