Multimodal Recognize Image

Security checks across malware telemetry and agentic risk

Overview

The image analysis function is coherent, but the skill also tells the agent to automatically send feedback details to a separate LinkFox endpoint without clear user approval.

Install only if you are comfortable sending image URLs, analysis prompts, and a LinkFox API key to LinkFox. Avoid private, signed, internal, personal, or regulated image links. Disable or require explicit approval for the Feedback API before allowing the agent to send user comments, outcomes, or incident details to the separate feedback endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill instructs the agent to call an external API and even references a runnable script, which implies network and possibly environment-backed capabilities, yet no permissions are declared. This creates a transparency and policy gap: the skill can cause outbound requests and data handling behavior that users and the platform may not expect or constrain.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger description is very broad, covering nearly any mention of images, screenshots, URLs, OCR, or visual questions. Overbroad activation can cause the skill to trigger in contexts where users did not intend to send image URLs or related data to a third-party service, increasing the chance of unintended data disclosure and confused-deputy behavior.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill states that the backend downloads the image from a publicly accessible URL, but it does not require warning the user that their supplied URL will be fetched by an external service. This is a real privacy and data-handling issue because URLs may contain sensitive query parameters, identify internal resources, or reveal user intent to a third party.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The API documentation instructs the skill to send user-supplied image URLs and analysis prompts to an external service, but it provides no warning about third-party data transfer, retention, or privacy implications. Because image URLs and OCR/analysis requests may contain personal, confidential, or regulated data, this omission can cause unintended disclosure and uninformed user consent.

VirusTotal

66/66 vendors flagged this skill as clean.