Security audit

LFIT

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local image-generation plugin, but its privacy claims are inconsistent with bundled code paths that can send prompts outside the main plugin process.

Review this before installing if prompt privacy matters. The normal OpenClaw tool is intended for local generation, but avoid sensitive prompts unless you have confirmed the sd-server endpoint is loopback-only, do not run lfit-quick with private prompts, and treat any configured LFIT_BIN or binaryPath as fully trusted local code.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The code and user-facing descriptions repeatedly claim there are 'no network calls' and that 'no data leaves your machine,' but runLfit can pass a --server-url argument to the lfit binary, causing it to communicate over HTTP with a localhost service. Even though the target is restricted to localhost/127.0.0.1, this is still network communication and can expose sensitive prompts or generated content to another local process, violating the stated privacy and trust assumptions.

Missing User Warnings

Medium
Confidence: 94%
Finding
This script sends the full user-supplied prompt, and potentially negative prompt text, to the external service image.pollinations.ai over the network without any explicit runtime warning, consent prompt, or privacy notice. In an agent setting, prompts may contain sensitive project details, proprietary concepts, or personal data, so silent transmission to a third party creates a real confidentiality and data-handling risk even though the code is not overtly malicious.

VirusTotal

65/65 vendors flagged this plugin as clean.