Model Skin Swap Prompt Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple prompt generator with no code execution, but it asks the agent to process uploaded model images and produce region-linked skin and facial-feature changes without enough consent or user-control guardrails.

Review before installing. The skill has no executable payload and VT/static scans are clean, but it is designed for sensitive appearance changes. Use it only with images you have permission to edit, and avoid requests that infer or transform ethnicity, race, nationality, or regional facial traits unless the person has explicitly requested that framing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Medium
Confidence: 87%
Finding:
The trigger phrases are broad enough to match common image-editing requests, which can cause the skill to activate in contexts the user did not clearly intend. In this skill, that increases the chance of automatically generating sensitive appearance-modification prompts involving race, ethnicity, or inferred regional traits without sufficient user confirmation or boundary checks.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The skill explicitly contemplates analyzing uploaded model images but provides no warning or safety guidance about handling user-provided photos. That omission is risky because the skill processes biometric and appearance-related imagery, potentially including real people, without notice about consent, privacy, or restrictions on editing sensitive attributes.

Natural-Language Policy Violations

Medium
Confidence: 93%
Finding:
The skill directs outputs to reflect country-specific aesthetic standards and to match facial features to target regions, which encourages normative, identity-linked transformation of appearance. In context, this is more dangerous than generic style transfer because it can encode stereotypes, push race/ethnicity-associated edits without explicit opt-in, and normalize discriminatory beauty standards.

Autonomous Decision Making

Medium
Category: Excessive Agency
Content:
## Constraints

- Provide the prompt directly; do not ask the user additional questions
- Prompt should be concise and clear, ready for direct use
- All product details (fabric texture, color, folds, accessories, posture, brand logos) must remain 100% identical
- New skin tone should be natural and realistic; avoid exaggerated stereotypes
Confidence: 84%
Finding:
do not ask the user

VirusTotal

64/64 vendors flagged this skill as clean.
