image-hosting

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it uploads selected images to a public image host and includes an optional paid upload path, with no hidden code, persistence, or unrelated access.

Install only if you are comfortable sending selected images to img402.dev and receiving public links. Do not upload private screenshots, confidential documents, personal data, or images with sensitive metadata, and require explicit approval before using the paid x402 endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium, 88% confidence
Finding:
The skill is advertised as a simple free, no-auth image host, but the documentation also introduces a paid token-based upload flow via x402. This expands the skill’s operational scope into payments and token handling without clear need, increasing the chance an agent invokes billing-related actions or handles payment credentials in contexts where only free public hosting was expected.

Context-Inappropriate Capability

Medium, 91% confidence
Finding:
Including payment-gated token acquisition in a skill whose stated purpose is free image hosting creates unnecessary capability expansion beyond the declared use case. In agent environments, this can lead to unauthorized spending attempts, confusion about when paid actions are permitted, or mishandling of payment-linked tokens.

Vague Triggers

Medium, 82% confidence
Finding:
The invocation condition is broad enough to encourage use whenever a public image URL might be convenient, rather than only when a user explicitly wants third-party public hosting. In practice, this can cause agents to upload local or generated images containing sensitive information to a public service without sufficiently confirming necessity or user intent.

Missing User Warnings

High, 96% confidence
Finding:
The instructions tell the agent to upload images to a public third-party host and then use the returned public CDN URL, but they do not prominently warn that this makes the image publicly accessible. This is especially risky because images may contain sensitive visual content or embedded metadata, and the skill’s context explicitly encourages broad sharing use cases.

VirusTotal

64/64 vendors flagged this skill as clean.
