ollama-vision

Security checks across malware telemetry and agentic risk

Overview

This skill performs local image analysis through Ollama, and its sensitive behaviors are consistent with that purpose. Users should still be mindful of local image privacy and the model download.

Install this only if you are comfortable running Ollama locally and allowing a possible multi-gigabyte model download. Avoid highly confidential images unless you trust the local Ollama installation, its logging or retention behavior, and other users or processes on the same machine.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The script automatically enumerates a user-specific media directory and selects the first image file found, which accesses arbitrary local user content without explicit user consent or a supplied path. In a test utility for an image-analysis skill, this broad local file discovery increases privacy risk because it may process unintended personal images and normalize unnecessary access to user data.

Missing User Warnings

Low
Confidence: 88%
Finding
The skill routes user-supplied images to a local Ollama service/process for analysis but does not clearly disclose that image contents are transmitted outside the main agent runtime to another local service. While this is not remote exfiltration by itself, it can expose sensitive image data to another component, its logs, caches, or other users/processes on the same machine, so the omission creates a privacy and consent risk.

Missing User Warnings

Medium
Confidence: 84%
Finding
The script transmits the full image contents to a local HTTP API endpoint without an explicit consent prompt or clear warning at the point of transfer. Even though the destination is localhost, this can expose sensitive image data to another process or service bound to that port, especially on shared or compromised systems.

VirusTotal

66/66 vendors flagged this skill as clean.
