Baoyu Article Illustrator

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate article illustration workflow, but users should expect it to create and modify local article/image files.

Install this if you want an agent to help generate and insert images for articles. Before running it, keep work under version control or backups, prefer project-local preferences unless you want global behavior, and review any planned file replacements or article edits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 84%
Finding
The skill advertises broad trigger phrases like "add images" and "generate images for article," which are common requests that could cause this skill to activate in situations where the user did not specifically want its multi-step workflow, file writes, or image-generation behavior. Because the skill performs blocking pre-checks, reads local configuration paths, and may modify article files and generate auxiliary files, overbroad invocation increases the chance of unintended execution and side effects.

Missing User Warnings

Medium
Confidence: 92%
Finding
The setup flow directs the agent to create and write an EXTEND.md file in either the project directory or the user's home directory, but it does not require an explicit warning that a filesystem modification will occur. Because one option writes to a user-scoped path affecting all projects, this creates persistent state beyond the current task and can surprise users or modify future agent behavior without sufficiently clear consent.

Missing User Warnings

Medium
Confidence: 94%
Finding
The workflow instructs the agent to copy, create, rename, and save files in the user's workspace, including backup behavior, without an explicit user-facing warning that local files will be modified. In an agent setting, this can lead to unexpected filesystem changes, especially when the user may think the task is purely analytical or generative rather than write-capable.

Missing User Warnings

Medium
Confidence: 96%
Finding
This section mandates writing outline files, prompt files, and backup files as a blocking prerequisite to generation, but does not require a clear warning or consent checkpoint before making those filesystem changes. Because the writes are automatic and numerous, the risk is unintended data modification, clutter, or writing into sensitive project directories without the user's informed approval.

Missing User Warnings

Medium
Confidence: 95%
Finding
The generation step instructs the agent to rename existing image files to backups and then generate replacements, but it does not require an explicit warning that existing images will be altered or displaced. In practice, this can surprise users, disrupt repositories, and cause accidental loss of expected filenames or downstream references even if backups are created.

VirusTotal

64/64 vendors flagged this skill as clean.
