Yearbook Photo Skill

Security checks across malware telemetry and agentic risk

Overview

The skill appears to generate images as advertised, but it sends prompts and an API token to a remote TalesOfAI endpoint that is not consistently disclosed as the actual recipient.

Review before installing. Use only a low-scope token intended for the actual talesofai.cn/Neta service, avoid sensitive personal details in prompts or reference images, and avoid passing long-lived tokens directly on the command line. The artifacts do not show malware, persistence, or destructive behavior, but the publisher should fix the provider disclosure and token-handling inconsistencies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill advertises Bash usage and an external API token, but the manifest does not declare the network capability even though the described behavior clearly requires outbound requests. This creates a transparency and policy-enforcement gap: users and hosting systems may approve or run the skill without realizing it can transmit prompts and credentials to a remote service.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
A description-behavior mismatch is dangerous because it undermines informed consent and trust boundaries: the skill claims to use the Neta AI API, but analysis indicates it actually contacts different talesofai.cn endpoints and supports extra reference-based generation behavior not disclosed to the user. This can cause users to send sensitive prompts, tokens, or image-related data to an unexpected third party and enable undisclosed functionality beyond the stated purpose.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The skill metadata claims it uses the Neta AI API, but the code actually sends prompts and the supplied authentication token to api.talesofai.cn. This mismatch is dangerous because users may provide credentials or sensitive prompts under false assumptions about the receiving service, enabling credential misuse, privacy violations, or deceptive data exfiltration.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README explicitly instructs users to pass the API token via a command-line flag, which can expose the credential through shell history, process listings, logging, and terminal recordings. Because this skill is centered on a third-party API token, documenting an unsafe usage pattern increases the chance of credential leakage during normal use.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script sends the user's prompt and x-token header to an external service without any in-script disclosure, confirmation, or warning. In this skill context, users may reasonably assume local prompt handling or transmission only to the advertised provider, so silent third-party transmission increases privacy and credential exposure risk.

External Transmission

Medium
Category
Data Exfiltration
Content
async function main() {
  let taskUuid;

  const makeRes = await fetch("https://api.talesofai.cn/v3/make_image", {
    method: "POST",
    headers,
    body: JSON.stringify(body),
Confidence
86% confidence
Finding
fetch("https://api.talesofai.cn/v3/make_image", { method: "POST"

External Transmission

Medium
Category
Data Exfiltration
Content
async function main() {
  let taskUuid;

  const makeRes = await fetch("https://api.talesofai.cn/v3/make_image", {
    method: "POST",
    headers,
    body: JSON.stringify(body),
Confidence
86% confidence
Finding
https://api.talesofai.cn/

External Transmission

Medium
Category
Data Exfiltration
Content
await new Promise((r) => setTimeout(r, 2000));

    const pollRes = await fetch(
      `https://api.talesofai.cn/v1/artifact/task/${taskUuid}`,
      { headers }
    );
Confidence
84% confidence
Finding
https://api.talesofai.cn/

VirusTotal

63/63 vendors flagged this skill as clean.
