TencentCloud Image Face Fusion

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: use Tencent Cloud to fuse user-provided face images, with privacy and dependency-installation risks users should understand.

Install only if you are comfortable sending the selected face and template images to Tencent Cloud and using your Tencent account credentials and quota. Use a least-privileged Tencent API key, avoid long-lived secrets in shell startup files when possible, preinstall or pin the SDK in controlled environments, keep AI-generated labeling enabled unless you have a legitimate reason, and process only images you have permission to use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
import subprocess
import sys

# Runtime self-install: if the SDK is missing, the script shells out to pip
# at execution time (network access plus package installation).
try:
    import tencentcloud  # noqa: F401
except ImportError:
    print("[INFO] tencentcloud-sdk-python not found. Installing...", file=sys.stderr)
    subprocess.check_call(
        [sys.executable, "-m", "pip", "install", "tencentcloud-sdk-python", "-q"],
        stdout=sys.stderr,
        stderr=sys.stderr,
    )
Confidence
91% confidence
Finding
subprocess.check_call( [sys.executable, "-m", "pip", "install", "tencentcloud-sdk-python", "-q"], stdout=sys.stderr, stderr=sys.stderr, )

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill requires access to environment variables and shell execution to run a Python script with cloud credentials, but it does not declare those capabilities explicitly. That creates a trust and review gap: an agent or platform may permit execution without clear disclosure that secrets from the environment and shell invocation are involved.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill performs a pip install during execution even though face-fusion functionality does not require self-modifying behavior. This means running the skill can trigger network access and execution of package installation logic, which is risky in restricted or sensitive environments and increases exposure to dependency hijacking or malicious mirrors.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill explicitly instructs the agent to process face images and send them to a remote cloud API without asking for confirmation. Because face images are biometric data and may include sensitive personal information, automatic transmission without explicit consent materially increases privacy, compliance, and misuse risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The document describes uploading face images, using remote image URLs, and generating fused face outputs, but it contains no warning or guidance about consent, lawful basis, retention, or handling of biometric data. Because face images are sensitive biometric information and the API explicitly supports identity-like high-similarity use cases, this omission can lead integrators to deploy privacy-violating or non-compliant workflows.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script sends user-provided face images or image URLs to Tencent Cloud's remote FaceFusion API, which involves biometric and potentially highly sensitive personal data. While this is necessary for the advertised functionality, the code provides no explicit consent notice, privacy warning, or data-handling disclosure before transmission, increasing privacy and compliance risk.

VirusTotal

65/65 vendors flagged this skill as clean.