Google vertex image generator

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but its image-download fallback can send a Google access token to an arbitrary URL and it stores full API responses in a predictable temp file.

Review before installing. Use only with a minimally scoped Google Cloud account or project, avoid sensitive prompts on shared machines, and consider patching the script to restrict downloaded URLs to expected Google domains and to disable or secure the temp debug response file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
import subprocess

def download(uri, out_path, token=None):  # function name assumed; not shown on the page
    # Fetch `uri` with curl into `out_path`; `-L` follows redirects. If a
    # token is supplied it is attached as a bearer header to the request
    # for whatever host `uri` names, which is the behaviour flagged above.
    cmd = ['curl', '-sS', '-L', uri, '-o', out_path]
    if token:
        cmd[1:1] = ['-H', f'Authorization: Bearer {token}']
    proc = subprocess.run(cmd, capture_output=True)
    return proc.returncode == 0
Confidence
86% confidence
Finding
proc = subprocess.run(cmd, capture_output=True)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill invokes Python, gcloud, and curl, and relies on environment variables plus local prompt/output files, which gives it shell, file read/write, and environment access despite declaring no permissions. This creates a trust and review gap: users or platforms may approve the skill believing it is low-privilege, while it can access cloud credentials via ADC and interact with external services using those credentials.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The full API response is written to a predictable filename in the system temp directory, which may contain sensitive prompt data, generated content, metadata, or URLs. On multi-user systems or shared environments, this increases the chance of unintended disclosure or tampering with debug artifacts.

VirusTotal

65/65 vendors flagged this skill as clean.
