Baoyu Cover Image

Security checks across malware telemetry and agentic risk

Overview

This is a text-only cover-image skill with disclosed local output and preference files; it has an overbroad image-safety instruction but no hidden code, credentials, or destructive behavior.

Install only if you are comfortable with the skill saving local cover-generation artifacts, copied reference images, prompts, and an EXTEND.md preferences file. Avoid using it to imitate copyrighted characters or real people without permission, and keep provider safety rules above the skill's non-refusal wording.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The prompt explicitly tells the model to generate stylistically similar alternatives for sensitive or copyrighted figures and to not refuse. That weakens normal safety behavior around protected likenesses and copyrighted characters by turning a refusal condition into a generation instruction, which can facilitate policy evasion in a cover-image workflow.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger condition 'when no EXTEND.md is found' is underspecified and can cause the skill to enter a setup-and-write flow in contexts where the user only wanted image generation. Because the flow is marked as blocking and leads to file creation, an agent may perform preference collection and persistence too broadly, creating unwanted state changes and increasing the chance of user confusion or consent bypass.

Missing User Warnings

Medium
Confidence: 96%
Finding
The file instructs the agent to create and persist EXTEND.md, potentially in a user-wide location, without a clear up-front disclosure that preferences will be written to disk. This is dangerous because it can cause silent persistence of user choices across sessions or projects, violating user expectations and creating privacy and integrity risks through unanticipated state retention.

Missing User Warnings

Medium
Confidence: 89%
Finding
The workflow instructs the agent to copy user-supplied files into the workspace under `refs/` and proceed after verifying they exist, but it does not require explicit user consent for writing or modifying local files. In an agent setting, silent workspace writes can surprise users, overwrite prior artifacts, or normalize unsafe file-handling behavior, especially when paths originate from user input.

Missing User Warnings

Medium
Confidence: 93%
Finding
The instructions direct creation of `refs/extracted-style.md` when no file path is available, again without notifying the user that a new file will be written. Even though the content is derived metadata rather than executable code, unannounced file creation is a real side effect that can clutter or alter the workspace and violates the principle of transparent agent actions.

Ssd 1

Medium
Confidence: 95%
Finding
The instruction semantically discourages refusal by reframing sensitive or copyrighted figure requests as permissible 'stylistically similar alternatives.' In this skill context, that is more dangerous because the tool is designed to generate polished public-facing images, making it easy to produce infringing or policy-evading cover art at scale.

VirusTotal

66/66 vendors flagged this skill as clean.