Recraft AI

Security checks across malware telemetry and agentic risk

Overview

This skill is a Recraft API image tool that discloses its behavior: it sends selected prompts and images to Recraft, and it carries only minor privacy cautions.

Install only if you are comfortable giving this skill a Recraft API token and sending selected prompts or images to Recraft for processing. Avoid confidential or regulated images unless Recraft is approved for that data, use a dedicated output folder to avoid overwriting files, and avoid running `user-info` where account email or credit details may be captured in shared logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill declares no explicit permissions despite clearly requiring network access, file writes, and environment-secret access. This weakens user consent and policy enforcement because operators may not realize the skill can transmit data externally, write outputs locally, and consume a sensitive API token.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The skill is presented as an image-generation/editing tool, but it also exposes a `user-info` capability that retrieves account metadata such as email and credits from `/users/me`. That is a meaningful behavior expansion beyond the stated purpose and can surprise users by collecting or revealing personal/account information unrelated to image processing.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The script includes a `user-info` capability that fetches and prints account metadata, but the declared skill purpose is image generation and editing. This scope mismatch creates unnecessary access to unrelated sensitive data and increases the chance users invoke or authorize data access they did not expect.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The `cmd_user_info` function retrieves and displays user ID, name, email, and credits, which are unrelated to the core image-processing purpose. Exposing account metadata broadens data access and can leak personally identifiable or account-sensitive information to logs, terminals, or downstream systems.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The documentation instructs users to send prompts and input images to the Recraft API but does not clearly warn that potentially sensitive content leaves the local environment and is transmitted to a third party. In this context, users may provide private images or confidential prompt text, creating a real privacy and data-handling risk if they are unaware of the external transfer.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The setup instructions require a sensitive API token but do not explicitly warn users that it is a secret credential that must be protected and not embedded in prompts, logs, screenshots, or committed config files. While common in API-backed skills, failing to label the token as sensitive increases the chance of accidental exposure and account misuse.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill transmits user prompts and uploaded image files to a third-party API, but it does not provide an explicit warning or consent checkpoint about external data transmission. Users may unintentionally send sensitive images or confidential prompt content off-platform, creating privacy and compliance risks.

VirusTotal

63/63 vendors flagged this skill as clean.
