Hitem3D

Security checks across malware telemetry and agentic risk

Overview

This is a mostly coherent Hitem3D image-to-3D skill, but it needs review because one auth helper can print a bearer access token even though the skill states that tokens should not be exposed.

Install only if you are comfortable sending selected images to Hitem3D and using Hitem3D API credentials from environment variables. Avoid running the auth command in contexts where output is logged or shared, review paid or batch jobs before execution, use callback URLs only for HTTPS endpoints you control, and treat downloaded 3D files as untrusted until inspected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill clearly instructs the agent to invoke a shell script (`scripts/hitem3d.sh`) and depends on command-line tools, but it does not declare the corresponding permissions. That mismatch weakens policy enforcement and reviewability: a caller or platform may treat the skill as lower-risk than it actually is, even though it can execute shell commands and read environment-provided secrets.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The documentation describes bearer-token use, Basic Auth credential exchange, downloadable result URLs, and `callback_url` webhooks without any guidance on protecting secrets, validating webhook destinations, or avoiding leakage through logs and insecure client contexts. In a skill intended for end-to-end automated workflows, this omission increases the chance that integrators will send credentials to untrusted environments, expose ephemeral download URLs, or configure unsafe callbacks that leak task data.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The Chinese example prompt at line 27 ('把这张产品图变成 3D') is broad and closely matches ordinary user phrasing for image-to-3D requests, making accidental or overly eager skill activation more likely. In an agent environment, overly generic trigger examples can cause the skill to engage on ambiguous requests, leading to unintended API usage, credit consumption, file handling, and downstream actions such as submit→wait→download without sufficiently explicit user intent.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The English example prompt ('Turn this product image into a 3D model.') is a very common natural-language request and therefore an overly broad activation cue. Because this skill is designed to perform end-to-end operational steps and spend credits by default, generic matching increases the risk of misrouting benign conversation into external API calls, task polling, and file downloads that the user did not explicitly authorize.

VirusTotal

65/65 vendors flagged this skill as clean.