lingjingtest

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent JoyCreator API helper, but it sends prompts and public media URLs to JD Cloud using the user’s App Key.

Install this only if you intend to use JD Cloud JoyCreator. Use a dedicated, revocable App Key, prefer JOYCREATOR_APP_KEY or the hidden prompt over --api-key, confirm each job before submission, and avoid confidential prompts, regulated data, or private images unless you are comfortable exposing them through public URLs and the JoyCreator service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill instructs the agent to collect a JoyCreator App Key and perform outbound API calls, which means it uses environment/secret handling and network capabilities without declaring corresponding permissions. Undeclared capabilities reduce transparency and can cause the host agent to expose secrets or permit network actions the user and platform did not clearly authorize.
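The capability gap described in this finding can be checked mechanically: extract the hosts, environment variables and credential flags a skill's text actually references and diff them against what its manifest declares. The Python below is an added example, not SkillSpector's implementation or the skill's own code; the manifest shape (`{"network": [...], "env": [...]}`) and the sample skill text are constructed for illustration, with the curl lines copied from the skill's request example on this page.

```python
"""Static check for undeclared capabilities in a skill bundle. Added example:
the manifest format and the sample bundle text are assumptions, not
SkillSpector's or the scanned skill's real artefacts."""
import re

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")
# ${NAME} / $NAME in shell, os.environ["NAME"] / os.environ.get("NAME") in Python
ENV_RE = re.compile(
    r"\$\{?([A-Z][A-Z0-9_]{2,})\}?|os\.environ(?:\.get)?\(\s*['\"]([A-Z][A-Z0-9_]{2,})['\"]")
CRED_FLAG_RE = re.compile(r"--(?:api[-_]?key|token|secret|password)\b")
SHELL_BUILTINS = {"PATH", "HOME", "PWD", "SHELL", "USER"}  # ordinary shell vars, not secrets

# Constructed sample bundle; the curl lines are the skill's own request example.
SKILL_TEXT = """\
## Request example
curl -X POST "https://model.jdcloud.com/joycreator/openApi/submitTask" \\
  -H "Content-Type: application/json" \\
  -H "Authorization: Bearer ${JOYCREATOR_APP_KEY}" \\
  -H "x-jdcloud-request-id: $(uuidgen)" \\

Options:
  --api-key KEY   Alternatively pass the App Key on the command line.
  The wrapper leaves $PATH untouched.
"""


def observed_capabilities(text):
    """What the text actually uses: outbound hosts, env vars and secret flags."""
    hosts = set(URL_RE.findall(text))
    envs = {a or b for a, b in ENV_RE.findall(text)} - SHELL_BUILTINS
    flags = set(CRED_FLAG_RE.findall(text))
    return {"network": hosts, "env": envs, "credential_flags": flags}


def undeclared(observed, declared):
    """Diff observed use against the manifest. A '*' network declaration is
    reported as a wildcard permission rather than accepted as cover, and any
    secret-on-argv flag is reported regardless of declarations."""
    findings = []
    net = set(declared.get("network", []))
    if "*" in net:
        findings.append(("wildcard_permission", "network", "*"))
        net.discard("*")
    for host in sorted(observed["network"] - net):
        findings.append(("undeclared_network", "network", host))
    for name in sorted(observed["env"] - set(declared.get("env", []))):
        findings.append(("undeclared_env", "env", name))
    for flag in sorted(observed["credential_flags"]):
        findings.append(("secret_on_command_line", "argv", flag))
    return findings


if __name__ == "__main__":
    obs = observed_capabilities(SKILL_TEXT)
    print("observed:", obs)
    print("no manifest:", undeclared(obs, {}))
    print("declared:", undeclared(obs, {"network": ["model.jdcloud.com"],
                                         "env": ["JOYCREATOR_APP_KEY"]}))
```

Run against the sample bundle with an empty manifest, the check reports the JD Cloud host and JOYCREATOR_APP_KEY as undeclared plus the --api-key option; with both declared, only the command-line secret flag remains, which is the residual issue a reviewer would still raise.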

Vague Triggers

High
Confidence
93% confidence
Finding
The trigger conditions are extremely broad, including generic phrases like 'AI绘图' (AI drawing), 'AI视频生成' (AI video generation), '想画图' (I want to draw something), and '想做视频' (I want to make a video), and the text says the skill 'must' be used whenever those appear. This can cause the skill to activate for ordinary conversation and funnel users into providing credentials or invoking external APIs unexpectedly, increasing the chance of unwanted data disclosure or action-taking.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation requires image-to-video inputs to be publicly accessible URLs but does not warn that this can expose private user images to the public internet or unintended third parties. In a media-generation skill, users may upload personal or sensitive images, so omitting a privacy warning materially increases the risk of accidental data disclosure.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The example shows prompts and optional reference image URLs being sent to a third-party cloud endpoint but does not warn that user content is uploaded off-platform. In a skill that is intended to be invoked automatically for image/video generation, this omission can cause users or integrators to unknowingly transmit sensitive prompts, image URLs, or personal media to an external service.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This section documents video-generation and subject-reference inputs, including first/last frame images and subject_reference objects, but omits any warning that these media references and prompts are uploaded to a remote service. Because these inputs may contain personal likenesses or proprietary assets, lack of disclosure increases privacy, compliance, and consent risk.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The video-routing trigger list includes broad, common terms such as '动画' (animation), '动图' (animated image), or '做视频' (make a video), which can cause the skill to activate for ambiguous user requests that are not clearly intended for JoyCreator. In this skill's context, forced invocation is especially risky because the metadata says the skill 'must' be used for a wide set of terms, so overbroad matching can misroute conversations, override user intent, and trigger downstream API actions unnecessarily.

Natural-Language Policy Violations

Medium
Confidence
79% confidence
Finding
The rule requiring Chinese prompts ('中文 prompt 保持中文,无需强制翻译为英文', i.e. keep Chinese prompts in Chinese, no forced translation into English) hard-codes output language behavior without considering the user's language preference. In a multilingual assistant, this can degrade accuracy, lead to unintended transformations of user input, and cause the model-routing pipeline to produce outputs the user did not request, though it is primarily a quality and policy-control issue rather than a direct security exploit.

External Transmission

Medium
Category
Data Exfiltration
Content
### Request example

```bash
curl -X POST "https://model.jdcloud.com/joycreator/openApi/submitTask" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer ${JOYCREATOR_APP_KEY}" \
  -H "x-jdcloud-request-id: $(uuidgen)" \
```
Confidence
84% confidence
Finding
The flagged content is the request example above: the skill's curl command posts each task to https://model.jdcloud.com/joycreator/openApi/submitTask and places the user's App Key in the Authorization header, so every job submission transmits the prompt payload together with the credential to the external service. The excerpt ends after the request-id header; the request body is not shown.

VirusTotal

63/63 vendors flagged this skill as clean.