ClawHub

Photo Captions

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only photography caption helper with no code execution, credential use, posting authority, or data exfiltration behavior shown.

Installers should expect the skill to generate many platform-specific draft captions and may also receive edit-analysis feedback. Review outputs before posting, especially if captions include location, gear, or personal context you do not want public.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The README states the skill triggers automatically when a user shares a photo with context, but it does not define clear activation boundaries, exclusions, or consent expectations. In an agent ecosystem, overly broad trigger conditions can cause the skill to activate in unintended contexts, processing user content unexpectedly and increasing the risk of privacy issues, prompt collisions, or unwanted automation.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger description is broad enough to match many ordinary photo-sharing interactions, which can cause the skill to activate when the user did not explicitly ask for caption generation. Over-broad activation increases the chance of unintended behavior, irrelevant output, and unexpected processing of user-provided image context across many platforms.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The instruction to generate captions whenever a user shares a photo with context lacks limiting conditions and does not require confirmation that the user wants multi-platform captions. This can lead to automatic invocation on ambiguous inputs, causing surprising actions and excessive output beyond the user's intent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill mandates running another skill every time, without user knowledge or consent, creating an implicit cross-skill invocation path. This is risky because it can expand data access and processing beyond the immediate request, potentially exposing image content and context to additional logic the user did not ask for.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal