ClawHub

Furry Art Skill

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward remote image-generation skill, but users should treat prompts and the API token as being sent to the documented Neta/TalesOfAI service.

Install only if you are comfortable sending your prompt, optional reference image UUID, and Neta/TalesOfAI API token to api.talesofai.com. Prefer short-lived or restricted tokens, avoid sensitive prompts, and avoid putting long-lived tokens directly in shell history or shared terminal logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill declares only a Bash tool but, per the analysis, also performs network access without explicitly declaring that capability. Hidden or undeclared network behavior reduces transparency and can expose prompts, tokens, or generated content to external services without the user understanding the full trust boundary.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill description says it uses the Neta AI API, but the analysis indicates it actually contacts api.talesofai.com and supports an undocumented --ref editing feature. This mismatch is dangerous because users may provide credentials and sensitive prompts under false assumptions about the receiving service and available functionality, enabling data exfiltration, policy bypass, or unexpected content manipulation.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README instructs users to supply the API token directly on the command line, which can expose the secret through shell history, process listings, terminal logging, and CI job output. Because this skill is specifically built around a paid or trial API credential, encouraging insecure secret handling increases the likelihood of token leakage and subsequent unauthorized API use.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill sends both the user-provided prompt and the bearer-like token to a third-party service over the network, but the script provides no explicit disclosure, consent prompt, or privacy notice to the user at execution time. In an agent-skill context, this is a real data-exposure issue because prompts may contain sensitive information and the token is a secret credential that authorizes use of the external service.

External Transmission

Medium
Category
Data Exfiltration
Content
// --- Submit job ---
async function submitJob() {
  const res = await fetch("https://api.talesofai.com/v3/make_image", {
    method: "POST",
    headers: HEADERS,
    body: JSON.stringify(body),
Confidence
88% confidence
Finding
fetch("https://api.talesofai.com/v3/make_image", { method: "POST"

External Transmission

Medium
Category
Data Exfiltration
Content
// --- Submit job ---
async function submitJob() {
  const res = await fetch("https://api.talesofai.com/v3/make_image", {
    method: "POST",
    headers: HEADERS,
    body: JSON.stringify(body),
Confidence
88% confidence
Finding
https://api.talesofai.com/

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal