Filtrix Image Gen

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward remote image-generation/editing skill, with the main user consideration being that prompts and edited images are sent to Filtrix.

Install only if you intend to use Filtrix's remote MCP service. Use a Filtrix-specific API key, avoid submitting sensitive or regulated prompts/images unless you accept remote processing by Filtrix, and monitor credit usage for generation and edit calls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The skill names a remote MCP endpoint and implies that prompts and image inputs will be sent there, but it does not explicitly warn users that their text and uploaded images may leave the local environment. This creates a meaningful privacy and data-handling risk, especially if users provide sensitive prompts, proprietary artwork, or personal images under the assumption processing is local.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The documentation explicitly directs use of a remote MCP endpoint and bearer-token authentication but provides no user-facing notice that prompts, images, and associated metadata will be transmitted to an external service. In an image-generation/editing skill, this omission can cause users or downstream integrators to unknowingly send sensitive images or private content off-platform, creating privacy, compliance, and data-handling risk.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
The generate and edit tool docs describe accepting free-form prompts, image URLs, and base64 image uploads, yet they do not warn that this content may be uploaded to and processed by a third-party service. Because this skill is specifically built to handle user-supplied images, the context makes the omission more dangerous: users may provide personal photos, proprietary artwork, or sensitive visual material without understanding the external transfer.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
The script sends either a user-supplied image URL or base64-encoded local image contents, along with the edit prompt, to a remote MCP endpoint. In an agent skill context this is sensitive because local files may contain private data, and the code provides no explicit consent gate, redaction, or warning before exfiltrating that content to a third-party service.

VirusTotal

66/66 vendors flagged this skill as clean.
