Alibaba Cloud Bailian Qwen Image 2.0 image generation. Supports text-to-image and image-to-image (reference image + text). For product promotion image generation, e-commerce image editing, marketing material creation. Provides Python API, CLI tool, and ComfyUI custom nodes.

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Alibaba Cloud image-generation skill, but users should understand that prompts, selected images, and a DashScope API key are involved.

Install only if you are comfortable sending prompts and any selected reference images to Alibaba Cloud Bailian/DashScope and using a DashScope API key in this environment. Keep the .env file limited to the needed API key, avoid submitting sensitive or regulated images unless approved, and pin current patched versions of requests and Pillow for production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation describes use of environment variables, local file inputs, and outbound network access, but no explicit permissions declaration is provided. This can mislead users and platform tooling about the skill's actual capabilities, reducing informed consent and making risky data access or transmission easier to overlook.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The node automatically searches current and parent directories for a .env file and imports every key/value pair into the process environment. That behavior broadens the trust boundary beyond the plugin directory, can unintentionally ingest unrelated secrets from the host or ComfyUI install tree, and is not necessary for basic image generation beyond a narrowly scoped API key lookup.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill sends user prompts and potentially user-supplied reference images to Alibaba Cloud's remote image-generation service, but the description does not clearly disclose this data flow. In this context, that omission is significant because reference images may contain proprietary, personal, or sensitive visual content, and users may reasonably assume processing is local unless told otherwise.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The workflow tells users to configure DASHSCOPE_API_KEY but does not disclose that prompts and uploaded reference images are likely sent to Alibaba Cloud's external Bailian service for processing. This can lead users to unknowingly transmit proprietary product images, marketing materials, or sensitive prompt content to a third party, creating privacy, confidentiality, and compliance risks.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The image-to-image path writes the input image to a persistent temporary file on disk using delete=False before uploading it. Although the file is removed in a finally block, sensitive image contents may still be exposed to other local processes during execution or left behind if the process crashes, which is a privacy weakness for a tool handling user images.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
Pillow>=9.0.0
Confidence
90% confidence
Finding
requests>=2.28.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
Pillow>=9.0.0
Confidence
95% confidence
Finding
Pillow>=9.0.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
83% confidence
Finding
requests

Known Vulnerable Dependency: Pillow — 10 advisory(ies): CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more

Critical
Category
Supply Chain
Confidence
94% confidence
Finding
Pillow

VirusTotal

VirusTotal findings are pending for this skill version.
