ClawHub
Back to skill

Security audit

Image Watermark Remover

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Nowatermark.info integration, but users should understand that submitted public image URLs are processed by that third-party service.

Install only if you are comfortable sending the image URL and resulting processing data to Nowatermark.info, and only use it for images you are authorized to edit. Keep NOWATERMARK_API_KEY private and avoid submitting confidential, regulated, private, or legally restricted images.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The reference documents a workflow that sends user-supplied image URLs and resulting processed images to an external third-party service, but it does not warn users about that data transfer or its privacy implications. In a skill that handles images, this omission can mislead users into sharing content they would not have sent off-platform, especially if images contain personal, proprietary, or sensitive information.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The setup instructions tell users to provide a direct public image URL but do not clearly warn that this URL, and therefore the referenced image, will be transmitted to a third-party watermark-removal service. This can lead users to unknowingly expose sensitive or copyrighted images to an external processor, creating privacy, confidentiality, and compliance risks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.