Generate product photos for ecommerce

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward ProductAI.photo integration, but users should treat API keys and submitted product images as sensitive.

Install this only if you intend to use ProductAI.photo and are comfortable sending product image URLs, prompts, and related job data to that third-party service. Prefer entering the API key through the local setup script or a secret manager instead of pasting it into chat, avoid confidential or regulated product assets unless approved, and monitor token usage for batch jobs and upscaling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (17)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documents shell execution, local file writes, and network access but does not declare permissions, which weakens user awareness and any permission-gating the platform may rely on. In this context, the behavior appears related to normal setup and API usage rather than overtly malicious activity, but the missing declaration still increases the chance of unintended credential storage and external transmission without informed consent.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The stated description focuses on generating and transforming product photos, but the documented behavior also includes credential setup/storage, asynchronous job management, and a separate upscaling workflow. This mismatch can mislead users and reviewers about the actual operational scope, especially where credentials are persisted locally and data is sent to an external service.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The document explicitly instructs the agent to collect a user's API key from chat and persist it to a local config file. That expands the skill from image generation into credential handling, increasing the chance of secret exposure through chat logs, agent memory, local file compromise, or misuse beyond what users may expect.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The guidance says the API key is 'saved securely' but the example writes it as plaintext JSON to disk, protected only by file permissions. This is misleading and dangerous because plaintext secrets remain exposed to local malware, backups, accidental sharing, developer tooling, and other processes running as the same user.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The guide explicitly instructs an agent to ask the user for a raw API key and then handle it programmatically. Even though it says not to log or display the key, normal agent conversation, tracing, telemetry, screenshots, or chat history can still capture the credential, so collecting secrets directly in chat materially increases exposure risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The sample conversation normalizes users pasting live API keys into chat, but provides no warning that conversational channels may be logged, retained, or visible to operators and integrated systems. This creates a realistic path to credential leakage and unauthorized use of the user's ProductAI account.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The quick start instructs users to provide product image URLs to the generation script but does not clearly warn that those URLs, and the referenced image content, will be sent to ProductAI's external service for processing. In a product-photography skill, this data flow is expected, but the missing disclosure can still cause inadvertent exposure of confidential or pre-release product assets, especially in enterprise or client workflows.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The setup instructions tell users to paste an API key and save configuration without clearly warning that the credential will be stored in a local JSON file in plaintext. File permissions of 600 reduce casual exposure, but do not provide encryption or protect against local compromise, backups, sync tools, or accidental disclosure of the config file.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The sample conversation shows the agent proceeding from receiving the API key in chat to saving and testing it, without an explicit warning or confirmation before persistence. This normalizes unsafe secret handling and increases the chance of users unknowingly exposing credentials in conversation logs and local storage.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The invocation wording is broad enough to match many generic requests involving images, marketing, catalogs, or campaigns, which can cause the skill to trigger in situations where users did not intend third-party image processing. In this skill, broad matching is more concerning because prompts and image URLs are later transmitted off-platform.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The instructions do not clearly warn that image URLs, prompts, and related job data are sent to a third-party API. This creates a transparency and privacy issue because users may provide proprietary product images, campaign concepts, or internal assets without realizing they leave the local environment.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The API documentation explicitly instructs users to send image URLs to a third-party service but does not warn about privacy, retention, or data-handling implications. In a skill centered on product imagery, this creates a real risk that users may submit confidential product photos, embargoed marketing assets, or customer-linked images without understanding they are being transmitted externally.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The guide states the skill is auto-loaded whenever OpenClaw detects product photo tasks, but it does not define narrow invocation boundaries, confirmation requirements, or data-handling constraints. In an agent environment, broad triggers can cause the skill to activate on loosely related requests and send images or prompts to the external ProductAI service without the user's informed intent.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The setup section instructs users to configure and use the service but does not warn that prompts and images are transmitted to a third-party API. This omission can lead to inadvertent disclosure of sensitive product images, proprietary assets, or confidential prompt content during normal use.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script interactively collects an API key and stores it in a local JSON file, but it does not clearly warn the user that sensitive credentials will be persisted on disk. Although it attempts to restrict permissions with chmod(0o600), local secret storage still increases exposure risk from backups, other local processes under the same user, accidental sharing, or insecure workstation hygiene.

External Transmission

Medium
Category
Data Exfiltration
Content
```json
{
  "api_key": "your-api-key-here",
  "api_endpoint": "https://api.productai.photo/v1",
  "default_model": "nanobanana",
  "default_resolution": "1024x1024",
  "plan": "standard"
}
```
Confidence
89% confidence
Finding
https://api.productai.photo/

Session Persistence

Medium
Category
Rogue Agent
Content
# ProductAI Integration

ProductAI.photo is an AI-powered service that generates professional product photos from existing images. It enables e-commerce businesses, marketers, and designers to create studio-quality product photography without hiring photographers.

## Quick Start
Confidence
90% confidence
Finding
create studio-quality product photography without hiring photographers. ## Quick Start **1. Get Your API Key** Visit [ProductAI Studio](https://www.productai.photo) → **API Access** → Copy your API

VirusTotal

65/65 vendors flagged this skill as clean.
