Volc Image Gen

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Volcengine image-generation skill, but users should treat prompts, input images, API keys, logs, and saved image files with normal privacy caution.

Install only if you are comfortable sending prompts and input images to Volcengine. Use a dedicated low-quota API key, keep VOLC_API_BASE on the official endpoint unless you deliberately trust another service, avoid confidential or regulated images, and remember that outputs and downloaded input images can remain in /tmp/openclaw while prompts and paths may appear in runtime logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The README instructs users to configure an API key and use a remote image-generation service, but it does not clearly disclose that prompts and input images may be sent to a third-party provider for processing. This can cause unintentional exposure of sensitive text or images, especially if users assume all processing is local.

Missing User Warnings

Severity: Low
Confidence: 89%
Finding
The documentation references local output paths and a temporary directory but does not clearly warn that generated or downloaded images are written to local storage. Users may unknowingly leave sensitive or proprietary images on disk, where they could persist longer than expected or be accessible to other local processes/users.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The documentation clearly states the skill sends user prompts and input images to Volcengine's external image-generation service, but it does not warn users that their content will leave the local environment and be processed by a third party. This creates a real privacy and data-governance risk, especially if users provide sensitive images, proprietary designs, or confidential prompts under the assumption of local processing.

Missing User Warnings

Severity: Low
Confidence: 89%
Finding
The skill instructs users to export a live API key in shell startup files but does not include any warning about treating the credential as secret, avoiding commits, restricting file permissions, or rotating leaked keys. While this is documentation rather than direct exfiltration logic, weak guidance around credential handling materially increases the chance of accidental disclosure and downstream account misuse.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The alias set for the image generation command includes very generic triggers such as "img", "image", and common Chinese phrases for generating pictures. In an agent environment, broad aliases increase the chance of accidental invocation from normal conversation, which can trigger network calls, content generation, and downstream file creation without clear user intent.

Vague Triggers

Severity: Low
Confidence: 86%
Finding
The help command uses vague aliases like "帮助" and "usage", which are likely to appear in ordinary conversation or meta-queries. This can unintentionally activate the skill and steer the agent into the skill's help flow, causing confusion and making command routing less predictable.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The manifest advertises automatic local image downloads, but it does not disclose any confirmation step, destination restrictions, or safety checks. In practice, automatic file writes can consume disk space, create unwanted files, or save untrusted remote content locally without clear user consent, which is more risky in a skill that generates content from external APIs.

VirusTotal

58/58 vendors flagged this skill as clean.