ClawHub

Immich API Connector

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Immich connector, but it needs review because the album downloader can write files outside the chosen download folder if an Immich server returns unsafe names.

Install only if you are comfortable giving the agent access to your Immich photo library. Use a dedicated least-privilege Immich API key, avoid passing the key directly on the command line, require explicit confirmation before uploads, deletes, shared-link creation, user management, scans, or job triggers, and avoid or fix download_album.py until it sanitizes album and file names and confines writes to the selected output directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill clearly instructs the agent or user to perform network operations against an external Immich instance, but there is no declared permission boundary or explicit capability declaration in the skill metadata. That creates a security and governance gap: the skill can initiate authenticated requests to a remote service without transparent permission scoping, increasing the risk of unintended data access or modification.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger conditions are very broad, especially 'Any Immich-related photo tasks,' which could cause the skill to activate for loosely related requests. Over-broad invocation increases the chance the agent selects this skill in contexts involving sensitive media, user management, or destructive operations when a narrower or read-only tool would be more appropriate.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill advertises and demonstrates uploads, downloads, library scans, job execution, album creation, and user enumeration without warning that these actions may exfiltrate media, overwrite local files, or modify server-side state. In a photo-management context, this is more dangerous because assets often contain highly sensitive personal data, and administrative endpoints can affect many users or large media libraries.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal