Security audit

Image Assets Resize — Image Asset Size Extension

Security checks across malware telemetry and agentic risk

Overview

The skill mainly does image resizing, but it includes under-scoped native software download/execution and sensitive image/API-key handling that users should review before installing.

Install only if you are comfortable with remote AI processing of your images and prompts. Prefer environment-variable API keys, verify the base_url before processing confidential assets, and avoid the Real-ESRGAN --install path or default external gpt_image2.py helper unless you have independently verified those files and their source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
        zip_path = BIN_DIR / "realesrgan.zip"
        try:
            BIN_DIR.mkdir(parents=True, exist_ok=True)
            subprocess.run(
                ["curl", "-fsSL", "-o", str(zip_path), ESRGAN_ZIP_URL],
                capture_output=True, timeout=120, check=True,
            )
Confidence
90% confidence
Finding
subprocess.run( ["curl", "-fsSL", "-o", str(zip_path), ESRGAN_ZIP_URL], capture_output=True, timeout=120, check=True, )

subprocess module call

Medium
Category
Dangerous Code Execution
Content
        tmp_path = output_path + ".esrgan_tmp.png"

        try:
            result = subprocess.run(
                [str(exe), "-i", input_path, "-o", tmp_path,
                 "-s", str(esrgan_scale), "-f", "png"],
                capture_output=True, text=True, timeout=300,
Confidence
83% confidence
Finding
result = subprocess.run( [str(exe), "-i", input_path, "-o", tmp_path, "-s", str(esrgan_scale), "-f", "png"], capture_output=True, text=True

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The skill includes functionality to download and install third-party binaries, which materially expands its capability beyond simple image resizing. Broader capabilities increase attack surface and can surprise users or hosting agents by performing network access and software installation in environments that may not expect or permit it.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documents a cloud flow where user-uploaded images are stored temporarily and sent to external image-model providers, but it does not provide a clear privacy warning, consent step, retention policy, or data-handling boundaries. This is dangerous because uploaded creative assets may contain sensitive, proprietary, biometric, or personal content that users may not expect to leave the local environment.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The setup flow stores the API key directly in `~/.content-marketing/config.json` in plaintext, creating a local secret-exposure risk if the file is read by other users, malware, backups, or logs. The code provides no warning, file-permission hardening, or use of OS credential storage.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The `edit` path base64-encodes a local image and sends it to a remote API endpoint, which can expose sensitive local content if users are unaware that their files are uploaded. This is especially relevant because the base URL is configurable, so image data may be sent to third-party or self-hosted endpoints with different trust properties.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
When --verify is enabled, the script base64-encodes the generated image and sends it to an external chat completion API for quality review, but the CLI help and runtime output do not clearly warn that image contents will leave the local environment. If users process confidential marketing creatives, unreleased assets, or personal images, this can cause unintended data disclosure to a third party.

VirusTotal

66/66 vendors flagged this skill as clean.