Openai Image Gen

Security checks across malware telemetry and agentic risk

Overview

This image-generation skill is mostly purpose-aligned, but it has review-worthy safety issues in its run instructions and generated HTML gallery.

Install only if you are comfortable reviewing how it is run. Invoke the packaged scripts/gen.py directly, verify OPENAI_BASE_URL and OPENAI_API_BASE are unset or trusted, use a protected OpenAI API key, and avoid opening generated index.html files from untrusted prompt text until the prompt escaping issue is fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tainted flow: 'url_img' from os.environ.get (line 197, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
elif url_img:
    # Some models/servers return a temporary URL instead of b64_json.
    try:
        with urllib.request.urlopen(url_img, timeout=args.timeout) as resp:
            img = resp.read()
    except Exception as e:
        raise SystemExit(f"failed to download image url: {e}")
Confidence
93% confidence
Finding
with urllib.request.urlopen(url_img, timeout=args.timeout) as resp:

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation indicates use of an environment variable and outbound API calls, but it does not declare corresponding permissions. That creates a transparency and governance gap: users or hosting systems may run the skill without realizing it accesses API secrets and sends data off-host, which can lead to unintended secret exposure or policy bypass.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill tells users to generate images through the OpenAI Images API but omits a clear warning that prompts and generation requests are transmitted to a third-party remote service. Users may include sensitive or proprietary prompt content under the assumption processing is local, causing unintended external disclosure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal