Clawcap Avatar Equip

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real avatar-editing skill, but its web mode and image data handling need careful review before use.

Review before installing. Use only images you are comfortable sending to Google Gemini and, for the public demo, to the demo operator. Use a limited Gemini API key. If running web mode, bind it to localhost, add authentication, restrict CORS, avoid exposing port 8000 publicly, and disable or tightly validate image_url fetching. Manually inspect outputs because face and background preservation is prompt-based, not technically enforced.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding:
The function documentation and comments describe mask-guided inpainting, but the implementation never sends the mask image to the external model API. In this skill’s context, that mismatch can cause the model to modify unintended parts of a user’s avatar, violating integrity and user expectations about localized edits.

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding:
The docstring promises that the tool will never change facial features, background, or composition, but the implementation delegates editing to generated masks and an inpainting model without any hard checks that those regions remain untouched. This can mislead users and downstream agents into trusting output safety guarantees that are not actually enforced, creating integrity and consent risks when uploaded avatars are modified beyond the stated scope.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The README explicitly advertises a remote demo and a Gemini-based image-processing pipeline for user avatar images, but it does not warn users that uploaded images may be transmitted to third-party AI services or explain retention, logging, or privacy implications. Because avatars often contain identifiable faces, this omission can mislead users into sharing sensitive biometric or personal data without informed consent.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding:
The README instructs users to place a Gemini API key in a .env file and directly in Claude Desktop configuration, but it does not emphasize that the key is a sensitive secret or warn against committing it, sharing configs, or exposing it in screenshots and logs. This increases the risk of accidental credential leakage and downstream abuse of the external AI account.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
The skill says Gemini Vision analyzes the avatar and Gemini performs inpainting, which implies user images are sent to an external AI provider, but it does not warn users about that data transfer. Because avatars may contain personal or biometric information, undisclosed third-party transmission materially increases privacy and compliance risk.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The code transmits the user’s original avatar image to Google’s external generative AI API without any evidence in this file of consent, disclosure, or minimization. Because avatars may contain personal or biometric data, silent third-party transmission creates meaningful privacy and compliance risk in this skill context.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
This code transmits user-supplied avatar images to Google's Gemini API, which is a third-party external service, but the file shows no mechanism for user notice, consent, or minimization before transfer. Because avatar images may contain biometric or personal information, undisclosed external processing creates a real privacy and compliance risk even if the transfer is functionally required for the feature.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The code processes user-supplied avatar images using external AI-backed fingerprinting and inpainting components, and the presence of a GEMINI_API_KEY strongly suggests third-party service involvement. Without a clear disclosure that images and prompts may leave the local environment, users may unknowingly submit personal biometric-like image data to external processors, creating privacy and compliance risk.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The page sends the uploaded avatar image as base64 to a backend API, but the UI does not clearly disclose that the image leaves the browser and is transmitted for processing. For an avatar-editing skill, users may reasonably expect local-only manipulation, so this creates a privacy and consent issue, especially if images contain personal likenesses or metadata-derived sensitive context.

VirusTotal

66/66 vendors flagged this skill as clean.