Giggle Generation Image

Security checks across malware telemetry and agentic risk

Overview

This skill is a normal Giggle image-generation integration, but users should know their prompts, reference images, and resulting signed links are handled by giggle.pro.

Install only if you are comfortable sending image prompts, reference images or image URLs, and your Giggle API requests to giggle.pro. Avoid confidential content, keep returned signed image links private, and consider clearing remembered task IDs for sensitive generations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill sends user prompts and potentially reference images to an external service, but the description does not clearly warn the user about that data transfer. This creates a privacy and consent risk, especially if users provide sensitive images or confidential text expecting local-only handling.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list includes broad everyday phrases such as “生成图片”, “画画”, and “创建图片”, which can cause the skill to activate in contexts where the user did not clearly intend to send data to an external image-generation service. In this skill, unintended activation is more dangerous because prompts and possibly reference images may then be transmitted to a third-party API, creating privacy and consent risks.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs the agent to send user prompts and optional reference images to giggle.pro but does not warn users that their content will be transmitted to a third-party service. This omission can lead to disclosure of sensitive text, private images, or signed URLs without informed user consent, which is particularly risky in an image-generation workflow.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill explicitly instructs the agent to return full signed asset URLs containing access-bearing query parameters such as Policy, Key-Pair-Id, and Signature. Exposing these tokens in responses can allow unintended sharing or replay of private asset access, especially if responses are logged, copied, or shown to other parties.

Ssd 3

Medium
Confidence
89% confidence
Finding
The skill explicitly instructs the agent to store task identifiers with timestamps in memory for later retrieval. Even if task IDs are not secrets by themselves, retaining user-linked operational metadata beyond the immediate request can enable unnecessary tracking, cross-session correlation, or accidental disclosure of another user's job status in shared or imperfectly isolated memory contexts.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
Confidence
96% confidence
Finding
requests>=2.31.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
89% confidence
Finding
requests

VirusTotal

59/59 vendors flagged this skill as clean.
