Vision Helper — AI Image Analysis

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but users should treat screenshots and images as sensitive because they are sent to the configured Ollama or cloud vision endpoint.

Install only if you are comfortable with a helper that can read image paths you provide and send those images plus prompts to the configured Ollama endpoint. Keep OLLAMA_API_URL on localhost for private images, avoid screenshots containing passwords or confidential data, and use cloud models only when the image is safe to share with that provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tainted flow: 'req' from os.environ.get (line 102, credential/environment) → urllib.request.urlopen (network output)

Severity: Critical
Category: Data Flow
Content (excerpt from the skill's script, as quoted by the scanner):

    )

    try:
        resp = urllib.request.urlopen(req, timeout=timeout)
        result = json.loads(resp.read().decode())
        content = result.get("message", {}).get("content", "")
        if not content:

Confidence: 96%
Finding: resp = urllib.request.urlopen(req, timeout=timeout)

Vague Triggers

Severity: Medium
Confidence: 96%
Finding: The trigger list includes the generic everyday term "screenshot," which can cause the skill to activate in many unrelated conversations. Because this skill encourages executing local screenshot capture and image-analysis commands, accidental invocation can lead to unintended processing of sensitive screen contents and broader-than-expected tool use.

Missing User Warnings

Severity: High
Confidence: 98%
Finding: The skill promotes use of cloud vision models and explicitly highlights bypassing built-in restrictions, but it does not clearly warn that images may be transmitted to remote services. This is dangerous because screenshots and desktop captures often contain credentials, personal data, internal documents, or other sensitive information that a user may assume remains local.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: The script sends the entire image to the configured vision API but does not provide an execution-time warning or confirmation when that destination may be remote. In an agent/automation setting, users may assume local processing while screenshots or other sensitive images are actually transmitted to a cloud or attacker-controlled service.

VirusTotal

63/63 vendors flagged this skill as clean.