Info Card

Security checks across malware telemetry and agentic risk

Overview

This is a self-contained local card-image generator; the usual caution applies around Playwright, remote image URLs, and untrusted card data.

Install this if you want a local Python/Playwright card generator. Be aware that it may require installing Playwright/Chromium, runs a headless browser, writes generated files to /tmp or your chosen output path, and can load remote image/avatar URLs or fonts during rendering. Do not feed it untrusted JSON or URLs unless you are comfortable with those resources being fetched from your environment, since the headless browser makes the requests with whatever network access the host has.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium, 98% confidence

Multiple renderers interpolate user-controlled fields directly into HTML that is then loaded by Playwright with page.set_content(..., wait_until="networkidle"). Because fields such as image_url, avatar_url, and arbitrary text are not sanitized or constrained, an attacker can cause the headless browser to fetch remote resources, potentially leaking network metadata, accessing internal-only endpoints from the host environment, or embedding active HTML/CSS that changes rendering behavior.
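The finding above describes two separate problems: text fields reach the markup unescaped, and URL fields reach the browser unconstrained. The following is an added example, not the skill's own code, showing the naive interpolation pattern beside a hardened builder that HTML-escapes every text field and applies one URL policy in two places: when building the markup, and again as a Playwright route filter so that a `url()` smuggled through CSS cannot reach a host outside the allow-list. The field names (`title`, `body`, `image_url`, `avatar_url`), the helper names and the allow-list hosts are assumptions for illustration; the hostile card is constructed.

```python
# Added example (not the skill's own code). Field names, helper names and the
# allow-list are assumptions for illustration; the hostile card is constructed.
import html
import ipaddress
from urllib.parse import urlparse

# Assumed allow-list of hosts the renderer is permitted to fetch images/fonts from.
ALLOWED_REMOTE_HOSTS = {"images.example.com", "fonts.example.com"}


def request_allowed(url: str, allowed_hosts=ALLOWED_REMOTE_HOSTS) -> bool:
    """Single URL policy shared by the HTML builder and the Playwright route filter.

    Accepts only https URLs whose hostname is on the allow-list. Rejects
    credentials in the URL, literal IP addresses (this covers 127.0.0.1,
    [::1] and 169.254.169.254-style metadata endpoints) and every other
    scheme (http, file, data, javascript, ...).
    """
    try:
        p = urlparse(url)
        host = p.hostname
        if p.scheme != "https" or not host or p.username or p.password:
            return False
    except ValueError:
        return False
    try:
        ipaddress.ip_address(host)
        return False  # literal IPs are never on the allow-list
    except ValueError:
        pass
    return host.lower() in allowed_hosts


def vulnerable_card_html(card: dict) -> str:
    """The pattern the finding describes: user-controlled fields dropped into markup."""
    return (f"<div class='card'><img class='avatar' src='{card['avatar_url']}'>"
            f"<h1>{card['title']}</h1><p>{card['body']}</p>"
            f"<img src='{card['image_url']}'></div>")


def hardened_card_html(card: dict) -> str:
    """Escape every text field; emit an <img> only for URLs that pass the policy."""
    def esc(s) -> str:
        return html.escape(str(s), quote=True)

    parts = ["<div class='card'>"]
    if request_allowed(card.get("avatar_url", "")):
        parts.append(f"<img class='avatar' src='{esc(card['avatar_url'])}'>")
    parts.append(f"<h1>{esc(card.get('title', ''))}</h1>")
    parts.append(f"<p>{esc(card.get('body', ''))}</p>")
    if request_allowed(card.get("image_url", "")):
        parts.append(f"<img src='{esc(card['image_url'])}'>")
    parts.append("</div>")
    return "".join(parts)


def render_png(card: dict, out_path: str) -> None:
    """Render with the route filter as a second line of defence.

    Playwright is imported lazily so the policy functions above stay usable
    (and testable) without a browser installed.
    """
    from playwright.sync_api import sync_playwright

    def gate(route):
        if request_allowed(route.request.url):
            route.continue_()
        else:
            route.abort()

    with sync_playwright() as p:
        browser = p.chromium.launch()
        page = browser.new_page()
        page.route("**/*", gate)  # every subresource request goes through the policy
        page.set_content(hardened_card_html(card), wait_until="networkidle")
        page.screenshot(path=out_path)
        browser.close()


# Constructed hostile card: script-bearing title, CSS exfil in the body,
# cloud metadata endpoint as avatar, and one legitimate allow-listed image.
HOSTILE_CARD = {
    "title": "Hello <img src=x onerror=alert(1)>",
    "body": "<style>body{background:url(http://10.0.0.5/pixel)}</style>",
    "avatar_url": "http://169.254.169.254/latest/meta-data/",
    "image_url": "https://images.example.com/cover.png",
}
```

Run `render_png(HOSTILE_CARD, "/tmp/card.png")` with Playwright and Chromium installed to produce the image; the metadata URL and the CSS `url()` are aborted by the route filter even if a future template change lets them back into the markup. Keeping the policy in one function is the point: the builder and the route filter cannot drift apart.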

Vague Triggers

Medium, 92% confidence

The trigger phrases include very generic terms such as “card”, “海报” (poster), “生成卡片” (generate a card), and “做一张图” (make an image), which match many ordinary user requests unrelated to this specific skill. Overbroad invocation increases the chance of accidental activation, causing unintended tool use, file generation in the output path, or user confusion about why a specialized renderer was selected.

Natural-Language Policy Violations

Medium, 76% confidence

The skill is explicitly framed around a specific Xiaohongshu-style (小红书风格) output and Chinese-language presentation, which can steer responses into a fixed locale and style without confirming the user's preference. This is not a direct code-execution issue, but it can cause unwanted behavior, misaligned output, or accidental disclosure of assumptions about the user's language and formatting expectations.

VirusTotal

66/66 vendors flagged this skill as clean.
