HY 3D Generation

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a Tencent Cloud 3D-generation helper, but it automatically installs an unpinned Python SDK during normal use, which changes the user's environment without a clear setup boundary.

Review before installing. This skill may be useful if you intend to use Tencent Cloud for 3D generation and are comfortable sending prompts and images there. The main concern is that normal script execution can automatically install an unpinned Python package; prefer installing reviewed, pinned dependencies yourself in a controlled environment before using the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
        import tencentcloud.ai3d  # noqa: F401
    except (ImportError, ModuleNotFoundError):
        print("[INFO] tencentcloud-sdk-python (ai3d) not found. Installing...", file=sys.stderr)
        subprocess.check_call(
            [sys.executable, "-m", "pip", "install", "tencentcloud-sdk-python", "-q"],
            stdout=sys.stderr,
            stderr=sys.stderr,
Confidence
95% confidence
Finding
subprocess.check_call( [sys.executable, "-m", "pip", "install", "tencentcloud-sdk-python", "-q"], stdout=sys.stderr, stderr=sys.stderr, )

subprocess module call

Medium
Category
Dangerous Code Execution
Content
        import tencentcloud.ai3d  # noqa: F401
    except (ImportError, ModuleNotFoundError):
        print("[INFO] tencentcloud-sdk-python (ai3d) not found. Installing...", file=sys.stderr)
        subprocess.check_call(
            [sys.executable, "-m", "pip", "install", "tencentcloud-sdk-python", "-q"],
            stdout=sys.stderr,
            stderr=sys.stderr,
Confidence
95% confidence
Finding
subprocess.check_call( [sys.executable, "-m", "pip", "install", "tencentcloud-sdk-python", "-q"], stdout=sys.stderr, stderr=sys.stderr, )

subprocess module call

Medium
Category
Dangerous Code Execution
Content
        import tencentcloud.ai3d  # noqa: F401
    except (ImportError, ModuleNotFoundError):
        print("[INFO] tencentcloud-sdk-python (ai3d) not found. Installing...", file=sys.stderr)
        subprocess.check_call(
            [sys.executable, "-m", "pip", "install", "tencentcloud-sdk-python", "-q"],
            stdout=sys.stderr,
            stderr=sys.stderr,
Confidence
96% confidence
Finding
subprocess.check_call( [sys.executable, "-m", "pip", "install", "tencentcloud-sdk-python", "-q"], stdout=sys.stderr, stderr=sys.stderr, )

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
Installing Python packages during execution is not necessary for the core logic of submitting 3D-generation jobs and expands the attack surface at runtime. In a security-sensitive agent environment, this behavior can undermine reproducibility, bypass dependency review, and enable unvetted code execution from third-party repositories.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
A 3D job-querying utility should only query task status, but this script also modifies the Python environment by installing packages on the fly. That behavior is outside the core purpose of the skill and increases supply-chain and execution risk because merely running the query tool can fetch and install code from external sources.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
Installing Python packages at runtime gives the skill broader system modification capability than its stated purpose requires. In an agent or hosted environment, this can enable unreviewed dependency retrieval, network access, and execution of package install hooks, making supply-chain compromise or environment drift materially more dangerous.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to automatically send user-provided prompts, image URLs, or Base64 image data to Tencent Cloud without confirmation. This is a data-transfer/privacy issue because user content may be sensitive, and the zero-interaction rule bypasses informed consent for third-party transmission.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script sends user-supplied prompts, image URLs/base64 image content, and authenticated API requests to Tencent Cloud, but it does not present an explicit warning or consent boundary at the point of transmission. In an agent setting, this can cause unintended disclosure of sensitive user data or internal media to a third-party service if callers assume the skill operates locally.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script automatically performs a pip install without obtaining user confirmation or presenting meaningful warning about environment modification. In agent or automation contexts, this can silently change the host system, introduce unreviewed third-party code, and bypass administrative expectations about when software installation is allowed.

VirusTotal

63/63 vendors flagged this skill as clean.
