NVIDIA Kimi Vision

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it sends a user-selected image and prompt to NVIDIA's hosted vision API, but users should handle images and API keys carefully.

Install only if you are comfortable sending chosen images and prompts to NVIDIA's API. Avoid using it on private screenshots, confidential documents, or photos with personal data unless that external processing is acceptable. Store the API key with restrictive permissions and avoid passing it directly on the command line.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documentation clearly describes use of a remote NVIDIA NIM API, which implies outbound network access, yet the metadata only declares a Python binary/install requirement and no explicit permission for network usage. This creates a transparency and policy-enforcement gap: users or platforms may approve the skill without realizing it transmits data externally.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill asks users to submit images and prompts to NVIDIA's hosted model but does not warn that potentially sensitive image contents, extracted text, and user prompts leave the local environment and are processed by a third party. This is especially dangerous for a vision skill, because screenshots and photos often contain secrets, personal data, or confidential business information.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script explicitly supports passing the API key as a positional command-line argument, which can expose the secret through shell history, process listings, audit logs, and job runner metadata. Even though this is presented as a convenience feature, it creates a real credential-handling weakness because users may unknowingly leak a valid API token to other local users or logging systems.

Session Persistence

Medium
Category
Rogue Agent
Content
### Step 2: Save the Key
```bash
# Option A: Save to file (recommended)
mkdir -p ~/.config
echo 'your-api-key-here' > ~/.config/nvidia-kimi-api-key

# Option B: Pass directly when running
python3 scripts/analyze_image.py photo.jpg "What's this?" sk-your-key-here
```
Confidence
82% confidence

VirusTotal

55/55 vendors flagged this skill as clean.