ClawHub

upload img temp 临时图床上传技能

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it uploads a user-chosen image to a temporary third-party image host and returns links, but users should treat those links as public and sensitive.

Install only if you are comfortable sending selected images to imgland.net. Do not use it for secrets, credentials, private screenshots, documents, or sensitive personal data. Keep both the public image URL and the delete_url private, because anyone with those links may access or control the uploaded image until it expires.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The script returns a deletion URL derived from a secret token even though the skill is described as a simple temporary public upload tool. Exposing this capability unnecessarily broadens the authority granted to callers and increases the chance that logs, chat transcripts, or downstream tools can delete the uploaded content unintentionally or maliciously.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script extracts deleteSecret from the API response and embeds it directly into the output as a ready-to-use destructive URL. This exposes a bearer secret with delete authority to any consumer of the script output, including assistants, logs, shell history, or other automation layers that only needed the public link.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill description does not clearly warn that uploaded images become publicly accessible on a third-party host. Users may upload sensitive screenshots or personal data believing this is merely temporary storage, when in fact anyone with the link may access the image until expiry.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script uploads an arbitrary local file to a third-party service with only a generic progress message and no explicit warning that data is leaving the local environment and becoming remotely hosted via a public link. In an agent skill context, this is more dangerous because users may trigger it conversationally without realizing sensitive screenshots or documents are being transmitted externally.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script outputs a destructive delete URL containing a secret but provides no indication that this value is sensitive or should be protected. Users or orchestration systems may copy, log, or expose it inadvertently, allowing anyone with access to the output to delete the uploaded file.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal