Qwen Image

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Alibaba Cloud image-generation wrapper, with some risky options users should avoid unless they understand them.

Install only if you are comfortable sending prompts and generation settings to Alibaba Cloud DashScope. Use a dedicated DashScope API key, avoid passing real keys directly on the command line, do not include secrets or regulated data in prompts, avoid --no-verify-ssl except in a controlled proxy setup, and save files only to paths you intentionally choose.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tainted flow: 'image_url' from requests.post (line 163, network input) → requests.get (network output)

Medium
Category: Data Flow
Content:
    output_path.parent.mkdir(parents=True, exist_ok=True)

    print("Downloading image...")
    img_response = requests.get(image_url, timeout=30, verify=not args.no_verify_ssl)
    img_response.raise_for_status()

    # Save the image
Confidence: 95%
Finding: img_response = requests.get(image_url, timeout=30, verify=not args.no_verify_ssl)

Missing User Warnings

Medium
Confidence: 87%
Finding: The skill instructs operators to source API keys from local config files and environment variables but provides no warning about sensitive credential handling, redaction, or avoiding exposure in logs and command history. In this context, the examples also show passing the API key on the command line, which increases the chance of accidental disclosure through shell history, process listings, transcripts, or agent logs.

Missing User Warnings

Medium
Confidence: 96%
Finding: The documented `--no-verify-ssl` option disables TLS certificate verification and is presented as a normal workaround for corporate proxies without a strong warning. This makes man-in-the-middle interception of API traffic more feasible, potentially exposing prompts, generated media URLs, and especially API credentials sent to the remote service.

VirusTotal

64/64 vendors flagged this skill as clean.
