PrintPal 3D Generation

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its 3D generation and SEO purpose, but its SEO workflow automatically starts a local download server and uses broad process-kill cleanup that deserves review before installation.

Review before installing. Use dedicated API keys with spending limits, avoid sensitive images or proprietary product details unless you are comfortable sending them to PrintPal, WaveSpeed, and OpenRouter, and be aware that the SEO workflow may start a localhost download server and terminate matching serve_files.py processes on the chosen port.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    # Kill any existing server on this port
    try:
        subprocess.run(["pkill", "-f", f"serve_files.py.*{port}"], stderr=subprocess.DEVNULL)
    except:
        pass
Confidence
94% confidence
Finding
subprocess.run(["pkill", "-f", f"serve_files.py.*{port}"], stderr=subprocess.DEVNULL)

Lp3

Medium
Category
MCP Least Privilege
Confidence
97% confidence
Finding
The skill clearly documents and relies on capabilities including environment variables, filesystem access, network access, and shell execution, but its metadata declares only binary and env requirements rather than explicit permissions. This mismatch can cause users or the platform to underestimate the skill's effective access, especially since it downloads user-supplied URLs, writes output files, starts HTTP servers, and references external CLI usage.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Launching a local HTTP file server is not necessary to generate SEO metadata or images and exposes generated files over the network. In an agent-skill context, unexpected network serving is more dangerous because users may not realize the tool is opening a listening service accessible beyond the local process.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The script kills existing processes using pkill before starting its own server, which is an unjustified and hazardous host-control capability for this type of tool. In shared environments this can disrupt unrelated workloads or be abused operationally as a denial-of-service primitive against other local services.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script sends user-supplied description, purpose, audience, and image reference to an external LLM API without an explicit runtime warning or consent mechanism. In a skill setting, users may provide proprietary product plans, customer information, or unpublished designs, making silent third-party transmission a meaningful privacy risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
When given a local file path, the script uploads the image to WaveSpeed to obtain a URL, again without explicit user warning. This is risky because local images may contain sensitive designs, embedded metadata, or private prototypes that users do not expect to leave their environment.

VirusTotal

65/65 vendors flagged this skill as clean.
