ClawHub
Back to skill

Security audit

Multimodal Extract Attributes

Security checks across malware telemetry and agentic risk

Overview

The image-analysis function mostly matches its purpose, but the skill also tells agents to automatically send feedback about user interactions to a separate LinkFox endpoint without clear consent.

Review before installing. Use it only when you are comfortable sending product image URLs, listing data, prompts, and any supplied context to LinkFox. Avoid confidential catalog data, keep inputs narrow, and disable or avoid automatic feedback reporting unless users have explicitly agreed to that separate data transfer.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High
Confidence
95% confidence
Finding
The trigger condition is overly broad: it activates not only for explicit image-analysis requests, but for nearly any request involving structured information derived from product images. This can cause unintended tool invocation, unnecessary transmission of product/image data to external multimodal services, and confusion or privacy issues when a narrower or different tool should have been used.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script sends user-supplied analysis instructions and referenced product image data to an external LinkFox service without any explicit user-facing disclosure, consent check, or data-minimization guard. In an agent-skill context, this can cause unintended exfiltration of potentially sensitive business data, image URLs, or prompts to a third-party endpoint, especially when triggered implicitly by broad matching conditions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal