
Security audit

Art Director

Security checks across malware telemetry and agentic risk

Overview

This is a coherent image-generation skill that combines a brand aesthetic and brief, then calls a Gemini-backed generator.

Install only if you are comfortable sending image briefs and brand aesthetic text to the underlying Gemini-backed generator. Do not put secrets, regulated data, or confidential launch details in briefs or aesthetic.md, and only set NANO_BANANA_SCRIPT to a trusted local nano-banana-pro generate_image.py path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tainted flow: 'cmd' from os.environ.get (line 263, credential/environment) → subprocess.run (code execution)

Medium
Category
Data Flow
Content
            "--filename", str(output_path),
            "--resolution", resolution,
        ]
        result = subprocess.run(cmd, capture_output=True, text=True)

        if result.returncode != 0:
            print(f"  [ERR] failed: {result.stderr.strip().splitlines()[-1] if result.stderr else 'unknown error'}")
Confidence
95% confidence
Finding
result = subprocess.run(cmd, capture_output=True, text=True)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README instructs users to configure a Gemini API key and use the skill, but it does not clearly disclose that both the per-image brief and the persistent brand aesthetic are sent to an external Gemini-backed generation service. That omission creates a real data-handling and privacy risk because users may include unpublished editorial concepts, proprietary brand guidance, or sensitive campaign material in those inputs without realizing they leave the local environment.

Vague Triggers

Medium
Confidence
74% confidence
Finding
The skill description is very broad ('any brand', many content types), which can cause overly permissive or ambiguous invocation and increase the chance the skill is used in contexts its operators did not intend. While not an exploit by itself, broad scope reduces guardrail clarity and can lead to misuse with sensitive or inappropriate content-generation tasks.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation says the skill wraps nano-banana-pro and requires GEMINI_API_KEY, but it does not plainly warn that user-provided briefs and possibly image inputs/outputs may be sent to an external model provider. This is a real privacy and data-handling issue because users may supply unpublished editorial plans, brand strategy, or sensitive internal material without informed consent.

VirusTotal

67/67 vendors flagged this skill as clean.
