Jimeng AI

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Jimeng AI image/video generation skill with expected cloud API credential use, network calls, and documented local task files.

Install only if you are comfortable sending prompts and generation parameters to VolcEngine and storing task metadata plus generated media locally. Use temporary or least-privileged VolcEngine credentials where possible, keep output folders out of source control, and avoid enabling debug mode in shared terminals, CI, or support logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (9)

Missing User Warnings

Medium
Confidence: 92%
Finding
The README explicitly documents that prompts and task metadata are persistently stored on disk using a prompt-derived MD5 folder name, but it does not warn users that potentially sensitive prompts, API responses, and task IDs will remain locally accessible. In an AI generation tool, prompts may contain confidential business ideas, personal data, or regulated content, so silent retention increases privacy and data exposure risk, especially on shared machines or CI environments.

Missing User Warnings

Medium
Confidence: 89%
Finding
The README explicitly documents that prompts, task parameters, and API responses are stored on disk, but it does not warn that prompts may contain sensitive user input and responses may include URLs, identifiers, or other metadata. In an AI-generation skill, users may submit private or proprietary text, so silent persistence can create unintended local data exposure, especially on shared machines or in CI/workspace environments.

Missing User Warnings

Medium
Confidence: 85%
Finding
The README instructs users to export long-lived access credentials and tokens but does not include guidance on secure secret handling, such as avoiding shell history leaks, committing credentials, or exposing them in shared terminals and logs. Because this skill depends on cloud API credentials, weak documentation around secret hygiene increases the risk of credential disclosure and downstream account abuse.

Missing User Warnings

Medium
Confidence: 90%
Finding
The documentation states that prompts, task state, and API responses are stored on disk under deterministic folders derived from MD5(prompt), but it does not warn that prompts and metadata may contain sensitive information. Local persistence increases the risk of accidental disclosure through shared machines, backups, logs, or other local users, and MD5-based naming can enable prompt correlation or guessing for common prompts.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill requires third-party cloud credentials and sends user prompts to an external API, but the documentation does not clearly warn users that their content leaves the local environment. Users may unknowingly transmit confidential, regulated, or proprietary text to the provider, creating privacy, compliance, and data governance risk.

Unpinned Dependencies

Low
Category: Supply Chain
Content
  "author": "",
  "license": "MIT",
  "dependencies": {
    "axios": "^1.6.0",
    "crypto-js": "^4.2.0"
  },
  "devDependencies": {
Confidence: 88%
Finding
"axios": "^1.6.0"

Unpinned Dependencies

Low
Category: Supply Chain
Content
  "license": "MIT",
  "dependencies": {
    "axios": "^1.6.0",
    "crypto-js": "^4.2.0"
  },
  "devDependencies": {
    "@types/crypto-js": "^4.2.0",
Confidence: 82%
Finding
"crypto-js": "^4.2.0"

Unpinned Dependencies

Low
Category: Supply Chain
Content
  "devDependencies": {
    "@types/crypto-js": "^4.2.0",
    "@types/node": "^20.0.0",
    "ts-node": "^10.9.0",
    "typescript": "^5.0.0"
  }
}
Confidence: 76%
Finding
"ts-node": "^10.9.0"

Known Vulnerable Dependency: axios==1.6.0 — 10 advisories: CVE-2025-62718 (Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF); CVE-2026-42044 (Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `pars); CVE-2026-25639 (Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig) +7 more

High
Category: Supply Chain
Confidence: 97%
Finding
axios==1.6.0

VirusTotal

64/64 vendors flagged this skill as clean.