Image To 3d Pipeline

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is mostly purpose-aligned, but it unexpectedly uses an undeclared Meshy API key and provider while presenting itself as a Tripo3D/Replicate pipeline.

Review carefully before installing. Use only with images you are allowed to upload to third-party services, confirm whether you intend to use Tripo/Replicate or Meshy, and do not provide MESHY_API_KEY or run batch commands unless that provider and its pricing/data handling are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The documentation claims the pipeline uses Tripo3D/Replicate, but the implementation later polls and batch-submits to Meshy instead. This mismatch can cause users or agents to unknowingly transmit images and credentials to a different third party than declared, undermining informed consent, auditing, and security review.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill metadata declares only TRIPOSR/remove.bg/upscale-related credentials, but the examples also rely on MESHY_API_KEY and Meshy endpoints. Undeclared credential and service dependencies are dangerous because they bypass expected permission review and may lead operators to provision or route sensitive data to an unvetted external provider.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs users to provide image URLs or upload images, then sends that content to third-party APIs such as Replicate, remove.bg, and Meshy without an explicit privacy or data-sharing warning. User-supplied product images may contain proprietary, personal, or regulated data, so silent transmission to external processors creates confidentiality and compliance risk.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Batch generation (requires the enterprise API)
for img in "${images[@]}"; do
  curl -X POST "https://api.meshy.ai/v2/image-to-3d" \
    -H "Authorization: Bearer $MESHY_API_KEY" \
    -d "{\"image_url\": \"$img\", \"enable_pbr\": true}" &
done
```
Confidence
89% confidence
Finding
curl -X POST "https://api.meshy.ai/v2/image-to-3d" \ -H "Authorization: Bearer $MESHY_API_KEY" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Poll for the result (check every 20 seconds)
while true; do
  STATUS=$(curl -s "https://api.meshy.ai/v2/image-to-3d/$TASK_ID" \
    -H "Authorization: Bearer $MESHY_API_KEY" | jq -r '.status')
  
  if [ "$STATUS" == "SUCCEEDED" ]; then
```
Confidence
90% confidence
Finding
https://api.meshy.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Batch generation (requires the enterprise API)
for img in "${images[@]}"; do
  curl -X POST "https://api.meshy.ai/v2/image-to-3d" \
    -H "Authorization: Bearer $MESHY_API_KEY" \
    -d "{\"image_url\": \"$img\", \"enable_pbr\": true}" &
done
```
Confidence
89% confidence
Finding
https://api.meshy.ai/

VirusTotal

64/64 vendors flagged this skill as clean.
