image-reader

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it analyzes user-selected images by sending them to a configured external multimodal API, so users should treat analyzed screenshots as shared with that provider.

Install only if you are comfortable sending selected images, screenshots, and visible text to the configured Doubao/Volcengine-compatible API endpoint. Replace the placeholder API key with your own scoped key, keep config.yaml private, avoid sensitive screenshots unless approved, and consider pinning dependencies in sensitive or production environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation advertises reading a user-supplied local image path and therefore implies file-read capability, but it does not declare permissions or clearly bound that access. In an agent ecosystem, undeclared file access weakens transparency and policy enforcement, increasing the chance that local files are accessed without adequate user understanding or platform review.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README describes image analysis functionality and names an external model provider/API endpoint, but it does not clearly warn users that uploaded images and extracted text may be transmitted to a third-party multimodal service for processing. In a skill specifically intended for screenshots and OCR, this omission is security-relevant because users may unknowingly send sensitive visual data, credentials, personal information, or proprietary content off-device.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The natural-language invocation examples are very broad and can cause the skill to trigger on generic phrases like 'Analyze this image' or 'Describe this screenshot' without clarifying boundaries or consent. Because the skill sends image contents to a remote multimodal API, over-broad triggers increase the risk of accidental activation on sensitive screenshots or documents.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The technical details state that images are sent as base64-encoded data to an external API, but the skill description and usage sections do not prominently warn users that their image contents leave the local environment. This is especially risky for screenshots and documents, which often contain credentials, personal data, or confidential business information.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The tool sends the full image content to a remote multimodal API, but there is no explicit consent flow, warning, or privacy notice to the user at the point of use. Screenshots and images often contain sensitive information such as credentials, personal data, financial details, or internal documents, so silent transmission to a third-party service creates a real confidentiality and compliance risk.

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai>=1.0.0
pyyaml>=6.0
Confidence
95% confidence
Finding
openai>=1.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai>=1.0.0
pyyaml>=6.0
Confidence
98% confidence
Finding
pyyaml>=6.0

Known Vulnerable Dependency: pyyaml — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Critical
Category
Supply Chain
Confidence
97% confidence
Finding
pyyaml

VirusTotal

64/64 vendors flagged this skill as clean.
