SiliconFlow Image Gen

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it uses a SiliconFlow API key to generate images and optionally save them locally.

Install only if you are comfortable sending image prompts to SiliconFlow and using a SiliconFlow API key that may incur charges. Prefer a dedicated, revocable API key, and save generated images only to paths you intentionally choose.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
        # Download image if output path specified
        if output_path:
            download_cmd = ["curl", "-s", "-L", "--max-time", "60", "-o", output_path, image_url]
            download_result = subprocess.run(download_cmd, capture_output=True)
            if download_result.returncode != 0:
                print(json.dumps({
                    "success": False,
Confidence
82% confidence
Finding
download_result = subprocess.run(download_cmd, capture_output=True)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill declares access to sensitive resources in metadata (`SILICONFLOW_API_KEY` and `~/.openclaw/openclaw.json`) and its documented usage invokes a local Python script, but it does not declare explicit permissions for environment access, file reads, and shell execution. This creates a transparency and least-privilege problem: users may grant or run the skill without understanding that it can read credentials from multiple sources and execute local commands, increasing the chance of unintended secret exposure or abuse if the implementation changes or is compromised.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The script writes downloaded content to any path provided by the caller with no validation or warning. In agent or automation contexts, this can be abused to overwrite files within the current user's permissions or to place untrusted files in unexpected locations.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The manifest combines access to an API key with the generic exec tool, yet provides no user-facing disclosure about external network use, credential handling, or what commands will be executed. This increases the risk that the skill could send prompts or sensitive data to a third-party service or misuse the API key through shell execution without clear user awareness.

VirusTotal

66/66 vendors flagged this skill as clean.
