ClawHub

Yufluentcn Ecommerce Imaging

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed cloud ecommerce image-generation skill that uses an API key and may upload user-provided product images, with no evidence of hidden, destructive, or deceptive behavior.

Install only if you are comfortable sending product prompts and any source images you provide to Yufluent and its backend providers for paid cloud processing. Keep TOKENAPI_KEY private, leave TOKENAPI_BASE_URL unset unless you know the endpoint is trusted, and avoid passing confidential or non-product local files as source images.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tainted flow: 'url' from os.getenv (line 107, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
url = skill_run_url(base_url or os.getenv("TOKENAPI_BASE_URL", ""), skill_id)
    try:
        resp = requests.post(
            url,
            json=payload,
            headers={
Confidence
92% confidence
Finding
resp = requests.post( url, json=payload, headers={ "Authorization": f"Bearer {key}", "Accept": "application/json",

Tainted flow: 'url' from os.getenv (line 107, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
url = agent_outcomes_url(base_url or os.getenv("TOKENAPI_BASE_URL", ""))
    try:
        resp = requests.post(
            url,
            json=payload,
            headers={
Confidence
92% confidence
Finding
resp = requests.post( url, json=payload, headers={ "Authorization": f"Bearer {key}", "Accept": "application/json",

Vague Triggers

Medium
Confidence
77% confidence
Finding
The trigger phrases are broad enough to match many ordinary ecommerce or image-editing requests, which increases the chance of unintentional invocation. In this skill's context, accidental activation matters because invocation may transmit product details and image inputs to a paid remote service.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation says generation occurs on Yufluent servers via a Replicate proxy, but it does not prominently warn users that product descriptions, image URLs, and potentially local image content are sent to a third-party remote service for processing. This creates a meaningful privacy and data-handling risk, particularly for unpublished product assets or sensitive commercial materials.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal