Cat Selfie

Security checks across malware telemetry and agentic risk

Overview

This skill appears to generate cat images as advertised, but editable scene prompts are passed through a shell command, so a modified scene could run local commands.

Review before installing. Use only trusted scene files, avoid custom prompts containing shell metacharacters until command execution is fixed to use argument arrays, verify the separate volcengine-image-generate skill, and expect prompts to be sent to Volcengine with possible API costs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Low
Confidence: 88%
Finding
The README instructs users to configure an external API key and use a cloud image-generation service, but it does not clearly disclose that prompts and related image-generation data will be transmitted to a third-party provider. This is a real documentation/privacy weakness because users may unknowingly send sensitive content, though the skill’s stated purpose is ordinary image generation rather than covert exfiltration.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation explicitly suggests integrating the skill into a heartbeat mechanism that will automatically generate and then send images, but it does not clearly warn users that this triggers external network calls to a third-party image-generation service and may incur cost, transmit prompts, or produce repeated automated outbound actions. In an agent setting, undocumented autonomous network use and message sending increase the risk of surprise data exposure, quota exhaustion, and unintended spam-like behavior.

VirusTotal

64/64 vendors flagged this skill as clean.
