Coze Image Skill

Security checks across malware telemetry and agentic risk

Overview

This is a real Coze image-generation skill, but it can send prompts and a bearer API token to a caller-configured URL without host validation, so it needs review before installation.

Install only if you trust the publisher and the configured Coze endpoint. Use a limited Coze token, set your own project and session ID, avoid letting prompts or untrusted callers set api_url, and assume image prompts and related request metadata will be sent to an external service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 94%
Finding: The skill clearly relies on environment variables and outbound network access to an external Coze endpoint, yet it does not declare permissions accordingly. Missing permission declarations reduce transparency and can bypass user/admin expectations about what the skill can access, increasing the chance of unintended secret use or external data transmission.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The README instructs users to send prompts and an API token to a third-party Coze endpoint, but it does not clearly disclose that user input and credentials are being transmitted off-platform. In a skill context, this omission is security-relevant because users may unknowingly expose sensitive prompts, proprietary data, or credentials to an external service they did not explicitly consent to use.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding: The skill description and usage text do not clearly warn that prompts and related data are sent to a third-party Coze API service. This creates a data-handling transparency issue: users may submit sensitive prompts or embedded personal/business information without realizing it will leave the local environment.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding: The skill enables implicit invocation while its description and default prompt are broad enough that an agent may activate it whenever a user asks for image creation, without clear user confirmation or narrow trigger conditions. This can cause unintended calls to an external image-generation service, exposing user prompts or producing unrequested content, especially in autonomous workflows.

VirusTotal

All 66 of 66 vendors reported this skill as clean (no detections).