extract-static-wallpapers-from-wallpaperengine

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but its extractor writes files using package-controlled paths, so a crafted scene.pkg could write outside the intended output folder.

Use this only on scene.pkg files you trust, preferably in a temporary or sandboxed directory with an explicit output path. Before routine use, the extractor should be changed to reject absolute paths and '..' segments, cap entry sizes, validate offsets, and allowlist the file types needed for wallpaper extraction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The script writes every package entry to disk using package-controlled filenames, even though the skill is described as extracting static wallpaper PNGs and mipmaps. In this context, broad extraction unnecessarily expands the attack surface: a malicious or unexpected package can cause the agent to materialize arbitrary embedded content, including executable scripts, oversized assets, or files placed in nested paths, rather than only the expected image outputs.

Missing User Warnings

Low
Confidence: 86%
Finding
The skill instructs running a local extraction script that writes many files and may automatically create an output directory next to the source package, but it does not warn the user about this side effect. While not a direct code-execution issue, missing disclosure can lead to unintended filesystem changes, disk consumption, and accidental writes in sensitive or synced directories.

VirusTotal

63/63 vendors flagged this skill as clean.
