Ruiguan Copyright

Security checks across malware telemetry and agentic risk

Overview

The skill mostly performs the promised image copyright check, but it also instructs the agent to report user feedback (praise, dissatisfaction, improvement requests) to a separate endpoint without telling the user, so it needs review before use.

Review before installing. Send only image URLs you are comfortable disclosing to LinkFox; do not send confidential or temporary pre-signed links unless that has been approved. Configure a dedicated API key for this skill rather than reusing a shared one. Disable or ignore the automatic feedback workflow unless users explicitly agree to it and sensitive details (conversation context, identifiers) are removed from what is sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 75%
Finding: The skill documentation indicates use of external APIs and a script, implying network access and possibly environment-backed capabilities such as an API key read from the environment, yet no explicit permissions are declared. This leaves a transparency and governance gap: operators and users cannot accurately assess what the skill can access or transmit, which increases the risk of unreviewed data egress or misuse.

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding: The skill instructs the agent to automatically call a separate Feedback API for satisfaction, praise, dissatisfaction, or improvement reporting, which is unrelated to the primary copyright-detection function. This creates an unnecessary secondary data flow that can exfiltrate user interaction metadata or content without clear need or consent.

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding: The documentation embeds a separate feedback-reporting API that is unrelated to the copyright-detection function of the skill. In an agent setting, unrelated endpoints can expand behavior beyond user intent and may cause unintended transmission of user content or metadata to a second service, especially if an implementation treats all documented endpoints as available actions.

Vague Triggers

Severity: Medium
Confidence: 81%
Finding: The trigger criteria are broad enough to activate on loosely related image-risk or originality requests, increasing the chance the skill is invoked when the user did not intend external copyright analysis. In this context, over-triggering can cause unnecessary transmission of image URLs to a third-party service and confuse user expectations about what the assistant is doing.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill tells the agent to call an external LinkFox gateway API using user-provided image URLs but does not clearly warn users that their URLs and related query parameters will be sent to a third-party service. This is a privacy and consent issue, especially because image URLs may contain sensitive business assets, pre-signed links, or identifiers.

Natural-Language Policy Violations

Severity: Medium
Confidence: 96%
Finding: The instructions mandate automatic feedback reporting, including when users express praise or dissatisfaction, without user opt-in. This can silently disclose user sentiment, conversation context, and potentially identifying details to another endpoint, creating an avoidable privacy and compliance risk.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding: The API documentation instructs sending user-supplied image URLs and an API key to an external service without any explicit privacy, retention, or security notice. This is risky because image URLs may contain sensitive or private content references, and users are not warned that their data will be transmitted to a third party for analysis.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The script transmits a user-supplied image URL and related options to an external service without any explicit notice, consent step, or data-handling warning at the point of execution. In a skill that may be triggered automatically for copyright checks, this creates a real privacy and compliance risk because users may not realize their data is being sent to a third-party gateway.
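The overview's recommendations (send only image URLs you are willing to disclose, hold back pre-signed or temporary links, gate the feedback workflow on explicit opt-in with sensitive details removed) and the Missing User Warnings and Natural-Language Policy Violations findings above all reduce to a pre-flight check that the skill's script should run before anything leaves the tenant. The following is an added example of such a check; it is not code from the Ruiguan Copyright skill, LinkFox, or SkillSpector. The SIGNED_URL_PARAMS list, the private-host rules, the FeedbackPolicy shape and the sample URLs are assumptions constructed for illustration.

```python
"""Pre-flight egress guard for an agent skill that forwards image URLs to a
third-party copyright-check gateway and has an optional feedback endpoint.

Added example; not code from the Ruiguan Copyright skill, LinkFox or
SkillSpector. SIGNED_URL_PARAMS, the private-host rules, FeedbackPolicy and
the sample inputs at the bottom are assumptions made for illustration.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

# Query parameters that mark a URL as a pre-signed or temporary link. Any of
# these means the URL itself is a bearer credential for the object, so it must
# not be forwarded to a third party unless that has been explicitly approved.
# Assumed list; tune it for the storage providers actually in use.
SIGNED_URL_PARAMS = frozenset({
    "x-amz-signature", "x-amz-credential", "x-amz-security-token",  # AWS S3
    "x-goog-signature", "x-goog-credential",                        # GCS
    "sig", "se", "sv",                                              # Azure SAS
    "signature", "token", "expires",                                # generic
})


@dataclass
class ScreenResult:
    url: str
    allowed: bool = True
    reasons: list[str] = field(default_factory=list)


def _is_private_host(host: str) -> bool:
    """True for loopback, link-local, RFC 1918 and *.local / *.internal hosts."""
    if host == "localhost" or host.endswith((".local", ".internal")):
        return True
    try:
        return not ipaddress.ip_address(host).is_global
    except ValueError:
        return False  # ordinary public DNS name


def screen_image_url(url: str, *, allow_signed: bool = False) -> ScreenResult:
    """Decide whether an image URL may be sent to the external gateway.

    Every rejection is recorded in `reasons`, so the skill can tell the user
    exactly why a URL was withheld instead of silently sending or dropping it.
    """
    result = ScreenResult(url=url)
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        result.reasons.append(f"unsupported scheme {parts.scheme!r}")
    if parts.username or parts.password:
        result.reasons.append("credentials embedded in URL")
    host = (parts.hostname or "").lower()
    if not host:
        result.reasons.append("missing host")
    elif _is_private_host(host):
        result.reasons.append(f"non-public host {host!r}")
    params = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
    signed = sorted(params & SIGNED_URL_PARAMS)
    if signed and not allow_signed:
        result.reasons.append("pre-signed/temporary link parameters: " + ", ".join(signed))
    result.allowed = not result.reasons
    return result


@dataclass(frozen=True)
class FeedbackPolicy:
    """Gate on the skill's secondary feedback workflow (assumed shape)."""
    user_opted_in: bool = False
    # Keys that never leave the tenant even when feedback is switched on.
    redact_keys: frozenset[str] = frozenset(
        {"conversation", "user_id", "email", "image_url", "api_key"}
    )


def build_feedback_payload(policy: FeedbackPolicy, raw: dict) -> dict | None:
    """Return the minimised payload to send, or None to skip the call entirely."""
    if not policy.user_opted_in:
        return None
    return {k: v for k, v in raw.items() if k not in policy.redact_keys}


if __name__ == "__main__":
    # Constructed sample inputs, not real customer URLs.
    samples = [
        "https://cdn.example.com/catalog/photo-123.jpg",
        "https://bucket.s3.amazonaws.com/draft.png?X-Amz-Credential=AKIA%2F20240101&X-Amz-Signature=deadbeef",
        "http://169.254.169.254/latest/meta-data/",
        "https://user:pw@cdn.example.com/a.png",
    ]
    for u in samples:
        r = screen_image_url(u)
        print("SEND" if r.allowed else "HOLD", u, "; ".join(r.reasons))
    print(build_feedback_payload(FeedbackPolicy(), {"rating": 5}))
    print(build_feedback_payload(FeedbackPolicy(user_opted_in=True),
                                 {"rating": 5, "conversation": "..."}))
```

The guard is deliberately conservative: a URL is held unless it is a plain http(s) link to a public host with no embedded credentials and no signed-link parameters, and the feedback call is skipped entirely unless the user has opted in. The `reasons` list is what the skill should surface to the user at the point of execution, which is the warning the findings above say is missing.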

VirusTotal

65/65 vendors report this skill as clean. A clean antivirus verdict only means no vendor matched the skill files against known-malware signatures; it does not address the data-flow, consent, and permission findings above, which concern the skill's behaviour rather than malware.
