图像生成 / Image Generation

Security checks across malware telemetry and agentic risk

Overview

This skill coherently documents a Coze image-generation workflow and local image saving, with no evidence of hidden, destructive, or unrelated behavior.

Before installing, confirm you trust the Coze workflow and dependency skill, use an intended API key and base URL, avoid sensitive prompts, and expect generated images to be saved under a local generated_images folder if the sample workflow is used.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Severity: Medium (95% confidence)
Finding:
The manifest says the skill only builds parameters and parses results, but the documented workflow also downloads a remote URL and writes a file to disk. This mismatch can mislead users, reviewers, or higher-level agents into granting the skill more trust than warranted, causing unexpected filesystem side effects.

Intent-Code Divergence

Severity: Medium (92% confidence)
Finding:
The documentation states the output is an image URL, yet the example workflow proceeds to persist the image locally. This underreports behavior and can cause calling agents or users to assume the skill is network-only when it also performs local writes, increasing the risk of unintended storage use and trust-boundary violations.

Missing User Warnings

Severity: Low (87% confidence)
Finding:
The skill documentation instructs downloading and saving generated images without a clear warning that local filesystem modifications will occur. While the write location is somewhat predictable, the absence of an explicit side-effect warning reduces informed consent and may surprise automation that expects a pure URL-returning operation.

VirusTotal

64/64 vendors rated this skill clean.