Ms Ai

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for ModelScope AI, but it should be reviewed because it uploads user prompts/images/history to a remote service and logs partial API key values.

Review before installing. Use a dedicated low-privilege ModelScope key, assume prompts/images/OCR inputs/history are sent to ModelScope, avoid confidential or regulated content unless approved, and remove or mask the API-key-prefix logging before routine use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill clearly requires sensitive capabilities—environment variable access for API keys, local file read/write for images and history files, and network access to ModelScope APIs—yet the documentation does not declare permissions. This creates a transparency and governance gap: an agent or reviewer may underestimate what the skill can access, increasing the risk of unintended data exposure, unsafe execution, or policy bypass.

Missing User Warnings

Low
Confidence
93% confidence
Finding
The README advertises image analysis and text generation features but does not disclose that user prompts and uploaded images are transmitted to an external ModelScope service. This creates a meaningful privacy and data-handling risk because users may unknowingly submit sensitive content, credentials, personal images, or regulated data to a third party.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script transmits the user's prompt and any loaded conversation history to a third-party ModelScope API, but it does not provide a clear consent prompt or warning at the point of transmission. This can expose sensitive data from local history files or interactive prompts to an external service without the operator fully realizing that off-system disclosure is occurring.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script transmits user-supplied image data and prompts to a third-party API, but the CLI and documentation do not clearly warn users that potentially sensitive local content will leave the machine. In a vision-analysis skill, this behavior is expected for functionality, but the missing disclosure creates a privacy and data-handling risk if users analyze confidential images or text without realizing it.

External Transmission

Medium
Category
Data Exfiltration
Content
}

    try:
        resp = requests.post(
            f"{BASE_URL}chat/completions",
            headers=headers, json=payload, timeout=120, stream=stream,
        )
Confidence
89% confidence
Finding
requests.post( f"{BASE_URL}chat/completions", headers=headers, json=

VirusTotal

66/66 vendors flagged this skill as clean.
