ClawHub

Image Quality Filter

Security checks across malware telemetry and agentic risk

Overview

This skill performs local image-quality scanning and has disclosed move/delete options, so it is reasonable to install with care around destructive actions.

Use the default list mode first, review the flagged images and thresholds, and prefer move over delete for important datasets. Keep backups before using --action delete, because any confirmed deletion removes files from the selected local image folder.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The file presents itself as an image quality detector/filter, but it also includes a destructive code path that permanently deletes files when invoked with --action delete. This mismatch increases the chance that a user or calling agent will treat the tool as read-only or low-risk and trigger irreversible file loss in an automation context.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The CLI help frames the command as a scan operation, but the same command can also delete or move files based on scan results. In agent-driven or scripted use, this kind of misleading interface can cause unintended destructive actions because the command semantics do not clearly communicate that it mutates the filesystem.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill documentation explicitly demonstrates a destructive delete action for low-quality images but does not provide a clear warning about permanent data loss, scope of deletion, or safer alternatives. In an agent or automation context, users may run the example as-is and unintentionally delete valuable images, especially when quality thresholds produce false positives.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal