Keplerjai Image Gen

Security checks across malware telemetry and agentic risk

Overview

This image-generation skill does what it claims, but it ships live-looking ThinkZone API keys in code and documentation and may send user prompts or images to a paid external service.

Review before installing. Do not use or rely on the bundled ThinkZone keys; they should be revoked and removed by the publisher. Install only if you are comfortable providing your own key, paying for external image-generation calls, and sending prompts or reference images to ThinkZone; avoid private, regulated, or confidential content unless your policy allows it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (17)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares required environment variables but does not expose an explicit permission model despite invoking shell commands, writing files, and making outbound network requests. This can lead to under-scoped review and unexpected execution capabilities, especially in agent frameworks where permission declarations are used to gate risky actions.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
A description-behavior mismatch is security-relevant because it prevents reviewers and users from understanding what the skill actually does. If the broader package includes hardcoded API keys, test code that injects credentials, and support for undeclared models, it creates a real risk of secret exposure, unauthorized third-party use, and hidden external interactions beyond the stated 3-model scope.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The document embeds what appears to be a real ThinkZone API key directly in a markdown file. Exposed secrets can be copied by anyone with repository or workspace access and then used to make unauthorized API calls, incur charges, or access related service data; in a globally available image-generation skill, this is especially dangerous because the key is tied to an external paid service and the file explicitly describes active use.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The function claims to read configuration from environment variables, but silently falls back to a hardcoded live API key. This embeds a secret in source code, enables unauthorized use by anyone with access to the script, and can cause untracked billing or abuse of the linked account.

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The file hardcodes a live API credential directly into source code and exports it through environment variables. Embedded secrets are easily leaked via source control, logs, code sharing, or downstream execution, enabling unauthorized use of the external image-generation service.

Missing User Warnings

High
Confidence
99% confidence
Finding
The file contains a live-looking raw API key embedded directly in documentation and repeatedly instructs users to paste it into environment variables and test commands. This is a credential exposure issue: anyone with access to the repository or skill package can reuse the key to make unauthorized API calls, incur charges, abuse the linked account, or pivot into related services if the key has broader scope.

Missing User Warnings

High
Confidence
99% confidence
Finding
The document contains what appears to be a live ThinkZone API key and explicitly instructs users to export it directly, which is a credential exposure issue. Anyone who obtains this file can reuse the key for unauthorized API access, billing abuse, or service impersonation, and the image-generation skill context increases the likelihood of immediate misuse because the key is paired with ready-to-run test commands.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill is documented as a global skill that will automatically trigger for broad, common phrases like 'generate image' or 'make a picture' across any agent. Overly broad automatic invocation can cause unintended external API calls, surprise data sharing, unwanted cost consumption, and prompt-routing mistakes, especially when combined with a paid third-party service.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation says the agent will automatically identify image-generation intent, choose a model, and send requests, but it does not warn users that prompts and reference images may be transmitted to an external provider. This creates a privacy and consent risk because users may unknowingly send sensitive text or images to a third-party service as part of an automated workflow.

Missing User Warnings

High
Confidence
99% confidence
Finding
This documentation exposes a real API key and explicitly instructs users to hardcode it into source code, set it in machine-wide environment variables, and paste it into shell commands. That creates immediate credential leakage risk through source control, logs, screenshots, process history, shared documentation, and reuse by unauthorized parties; in an agent skill context, this is especially dangerous because multiple agents or operators may access the same workspace and inherit the secret.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README documents sending prompts and optional reference images to an external third-party API but does not clearly warn users that their inputs leave the local environment. In an image-generation skill, prompts and uploaded images may contain sensitive personal, proprietary, or regulated data, so the missing disclosure creates a real privacy and compliance risk.

Vague Triggers

Medium
Confidence
84% confidence
Finding
Broad trigger phrases like generic 'draw/generate image' language increase the chance of accidental invocation in ordinary conversation. In this skill's context, accidental invocation can cause unintended network transmission of prompts and reference images to an external service and may consume paid API credits.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill sends user prompts and potentially reference images to an external ThinkZone AI service, but the markdown lacks a user-facing disclosure. This is dangerous because users may unknowingly transmit sensitive text or images to a third party, creating privacy, compliance, and data-handling risks.

Missing User Warnings

High
Confidence
99% confidence
Finding
The document exposes what appears to be a live ThinkZone API key directly in Markdown. Anyone with access to this file can reuse the credential to generate images, incur costs, exhaust quotas, or access associated account resources; the fact that it is presented as a successful tested configuration increases the likelihood that the secret is valid.

Missing User Warnings

High
Confidence
99% confidence
Finding
The example commands instruct users to export the API key in plaintext, and the key itself is embedded in the documentation. This compounds the exposure by making copy-paste misuse trivial and can also leak the secret through shell history, screenshots, logs, terminal recordings, or shared documentation.

Missing User Warnings

High
Confidence
99% confidence
Finding
A hardcoded fallback credential allows the script to access an external paid/service account without clear user disclosure or consent. In a skill/plugin context this is especially risky because the agent may perform network actions under someone else's credentials, obscuring accountability and enabling abuse.

Missing User Warnings

High
Confidence
99% confidence
Finding
Setting a sensitive API credential in code without disclosure or safeguards materially increases the chance of secret exposure and unauthorized external API use. In the context of an image-generation skill, a bundled credential could also cause unsuspecting operators to make billable or policy-relevant requests under the author's account.

VirusTotal

63/63 vendors flagged this skill as clean.
