ClawHub

Reverse Image Search

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward reverse image search integration, but using it sends image URLs or uploaded image files to SearchThisImage.

Install only if you are comfortable sending searched images or image URLs to SearchThisImage. Avoid private, regulated, or confidential images unless the provider's privacy terms meet your needs, use a dedicated API key, and ensure temporary image files are deleted after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

External Transmission

Medium
Category
Data Exfiltration
Content
If the user provides an image URL (a direct link to an image), use:

```bash
curl -s -X POST https://api.searchthisimage.com/api/v1/search/url \
  -H "Content-Type: application/json" \
  -H "X-API-Key: $SEARCHTHISIMAGE_API_KEY" \
  -d '{"image_url": "IMAGE_URL_HERE"}'
Confidence
86% confidence
Finding
curl -s -X POST https://api.searchthisimage.com/api/v1/search/url \ -H "Content-Type: application/json" \ -H "X-API-Key: $SEARCHTHISIMAGE_API_KEY" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
If the user provides an image URL (a direct link to an image), use:

```bash
curl -s -X POST https://api.searchthisimage.com/api/v1/search/url \
  -H "Content-Type: application/json" \
  -H "X-API-Key: $SEARCHTHISIMAGE_API_KEY" \
  -d '{"image_url": "IMAGE_URL_HERE"}'
Confidence
86% confidence
Finding
https://api.searchthisimage.com/

External Transmission

Medium
Category
Data Exfiltration
Content
If the user sends/uploads an image file, first save it to a temporary path, then use:

```bash
curl -s -X POST https://api.searchthisimage.com/api/v1/search/upload \
  -H "X-API-Key: $SEARCHTHISIMAGE_API_KEY" \
  -F "file=@/path/to/image.jpg"
```
Confidence
96% confidence
Finding
https://api.searchthisimage.com/

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal