Wip Grok

Security checks across malware telemetry and agentic risk

Overview

This is a coherent xAI Grok integration, but it needs review because its agent-exposed image editing path can read arbitrary local file paths without containment or a clear consent boundary.

Review before installing, especially if exposing the MCP tools to an autonomous agent. Use a dedicated xAI API key with spending limits, avoid confidential prompts or private media, and do not allow untrusted prompts to choose local image paths or output paths.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The image editing path accepts non-URL, non-data inputs as filesystem paths and reads them from local disk, expanding the skill from API mediation into arbitrary local file access. In an agent context, this can expose sensitive local files for subsequent transmission to the external xAI API, especially because the feature is not tightly constrained to an approved directory or file type beyond MIME inference by extension.

Intent-Code Divergence

Low
Confidence: 94%
Finding
The docstring states that edit_image accepts image URLs or base64 data URIs, but the implementation silently also reads local file paths from disk. This mismatch is security-relevant because callers may assume no local file access occurs, when in fact arbitrary readable files can be ingested and later sent to a third-party API.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill advertises web and X search features but does not clearly warn that user queries and possibly related context will be transmitted to xAI/X-controlled external services. This can cause unintentional disclosure of sensitive prompts, proprietary data, or personal information when users treat the skill like a local capability rather than a third-party networked service.

Missing User Warnings

Medium
Confidence: 95%
Finding
The image/video generation and editing sections describe uploading prompts, URLs, file paths, base64 images, and seed images to the external xAI API without any privacy or data-handling warning. Users may unknowingly send sensitive images, copyrighted material, or confidential prompts off-platform, creating privacy, compliance, and data leakage risk.

Missing User Warnings

High
Confidence: 98%
Finding
This code reads local files from arbitrary paths and converts them to data URLs in preparation for image-edit requests, creating a path from local disk access to third-party transmission. In an agent skill, that combination materially increases data-exfiltration risk because a caller may provide a sensitive path and have its contents uploaded without a strong consent boundary.

Missing User Warnings

Medium
Confidence: 92%
Finding
This MCP server exposes multiple network-backed tools that send user-supplied prompts, queries, images, and other inputs to xAI Grok services, but the tool definitions and handlers do not provide any explicit privacy or third-party disclosure warning. In an agent context, users may reasonably assume inputs stay local unless told otherwise; this can lead to unintended disclosure of sensitive data to an external provider.

VirusTotal

65/65 vendors flagged this skill as clean.