Security audit

HY Image Generation

Security checks across malware telemetry and agentic risk

Overview

This skill is a Tencent Cloud image-generation helper. Its cloud API use and credential needs match its stated purpose, subject to the setup and billing/privacy cautions below.

Install only if you intend to use Tencent Cloud Hunyuan for image generation. Use a least-privilege Tencent API key, avoid confidential prompts or private image URLs, watch for quota or billing impact, and consider installing a pinned Tencent SDK yourself instead of relying on the skill's automatic pip install.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
import subprocess
import sys

try:
    import tencentcloud  # noqa: F401
except ImportError:
    # Runtime self-install: shells out to pip in the current environment
    print("[INFO] tencentcloud-sdk-python not found. Installing...", file=sys.stderr)
    subprocess.check_call(
        [sys.executable, "-m", "pip", "install", "tencentcloud-sdk-python", "-q"],
        stdout=sys.stderr,
        stderr=sys.stderr,
    )
Confidence
95% confidence
Finding
subprocess.check_call( [sys.executable, "-m", "pip", "install", "tencentcloud-sdk-python", "-q"], stdout=sys.stderr, stderr=sys.stderr, )

subprocess module call

Medium
Category
Dangerous Code Execution
Content
import subprocess
import sys

try:
    import tencentcloud  # noqa: F401
except ImportError:
    # Runtime self-install: shells out to pip in the current environment
    print("[INFO] tencentcloud-sdk-python not found. Installing...", file=sys.stderr)
    subprocess.check_call(
        [sys.executable, "-m", "pip", "install", "tencentcloud-sdk-python", "-q"],
        stdout=sys.stderr,
        stderr=sys.stderr,
    )
Confidence
95% confidence
Finding
subprocess.check_call( [sys.executable, "-m", "pip", "install", "tencentcloud-sdk-python", "-q"], stdout=sys.stderr, stderr=sys.stderr, )

subprocess module call

Medium
Category
Dangerous Code Execution
Content
import subprocess
import sys

try:
    import tencentcloud  # noqa: F401
except ImportError:
    # Runtime self-install: shells out to pip in the current environment
    print("[INFO] tencentcloud-sdk-python not found. Installing...", file=sys.stderr)
    subprocess.check_call(
        [sys.executable, "-m", "pip", "install", "tencentcloud-sdk-python", "-q"],
        stdout=sys.stderr,
        stderr=sys.stderr,
    )
Confidence
93% confidence
Finding
subprocess.check_call( [sys.executable, "-m", "pip", "install", "tencentcloud-sdk-python", "-q"], stdout=sys.stderr, stderr=sys.stderr, )

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
This finding captures the same underlying issue more directly: the skill installs a Python package at runtime via pip even though image generation does not require self-modifying behavior. Runtime package installation expands the attack surface to package indexes, mirrors, dependency confusion, and tampered artifacts, and can result in arbitrary code execution during installation or import. In an agent skill, that behavior is especially risky because the environment may hold secrets such as cloud credentials used immediately afterward.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
Installing Python packages at runtime is not necessary for querying an image-generation job and creates avoidable supply-chain and execution risk. Because pip installation executes in the current environment and may honor user/system package index settings, an attacker who can influence dependency resolution or network traffic could cause untrusted code to be installed.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Installing Python packages at runtime is not necessary for the core task of submitting an image-generation job and introduces a software installation capability into the skill. This increases risk because the script fetches and executes code from an external repository during normal operation, creating supply-chain and environment-integrity concerns.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly instructs the agent to perform external image-generation actions with 'zero interaction' and 'without asking for confirmation.' That is dangerous because it can trigger billable third-party API calls, transmit user prompts and possibly image URLs to Tencent Cloud, and use stored credentials without an explicit consent boundary.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script performs an automatic pip install without explicit consent before making a change to the local system. Even though it prints an informational message, it still proceeds immediately, which is risky for a CLI tool because it modifies the environment and may execute untrusted package code without an opt-in step.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.