ClawHub

Tuzi Cover Image

Security checks across malware telemetry and agentic risk

Overview

This instruction-only cover-image skill is coherent and purpose-aligned, but it saves local copies of inputs, prompts, outputs, and preferences.

This skill looks safe to install if you are comfortable with it reading the article and reference images you provide and saving local copies, prompts, preferences, and generated images. Use project-scoped preferences and review the output directory when working with sensitive drafts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#
ASI02: Tool Misuse and Exploitation
Low
What this means

Running the skill can add folders and files to the current project, near the article, or under a separate cover-image directory.

Why it was flagged

The skill is expected to create local output directories and files in or near the article location. This is purpose-aligned, but it is still local file mutation.

Skill content
Output directory per `default_output_dir` preference: `same-dir`: `{article-dir}/`; `imgs-subdir`: `{article-dir}/imgs/`; `independent` (default): `cover-image/{topic-slug}/`.
Recommendation

Review the selected output directory before generation and delete generated artifacts you do not want to keep.

#
ASI06: Memory and Context Poisoning
Low
What this means

Sensitive article content or reference images could remain on disk in the generated project artifacts.

Why it was flagged

The workflow stores source material, reference images, and generated prompts locally. This is disclosed and useful for reproducibility, but private article drafts or reference assets may persist after the task.

Skill content
`source-{slug}.{ext} # Source files` ... `refs/ # Reference images` ... `prompts/cover.md # Generation prompt` ... `cover.png # Output image`
Recommendation

Avoid using highly confidential drafts unless local persistence is acceptable, or remove the source, refs, and prompt files after generation.

#
ASI06: Memory and Context Poisoning
Info
What this means

Saved preferences such as watermark, style defaults, output directory, and quick mode may be reused automatically later.

Why it was flagged

The skill persists user preferences either in the current project or across all projects. This is disclosed and user-selected, but it affects future runs.

Skill content
Project | `.tuzi-skills/tuzi-cover-image/EXTEND.md` | Current project ... User | `~/.tuzi-skills/tuzi-cover-image/EXTEND.md` | All projects
Recommendation

Choose project-scoped preferences unless you intentionally want the same settings across all projects, and review EXTEND.md if behavior changes unexpectedly.