ClawHub

AI Image

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a normal skills.video image-generation helper, but its helper scripts can send the configured API key to caller-supplied URLs outside the intended service.

Install only if you trust skills.video and need this API integration. Avoid custom full URLs or custom base URLs unless you have verified they are controlled by skills.video, because the helper scripts may send your API key there. A safer version should enforce an allowlist such as https://open.skills.video before adding the Authorization header.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill instructs the agent to use sensitive environment variables, read local files such as OpenAPI/docs artifacts, invoke shell commands, and make outbound network requests, yet it declares no explicit permissions boundary. This creates a confused-deputy risk where a host may grant broader capabilities than users expect, allowing unintended access to API keys, local files, or external endpoints through the skill.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The default prompt uses a very broad invocation phrase, 'create images of {subject}', without any scope, policy, or domain constraints. In an agent ecosystem, this can cause the skill to trigger for a wide range of image-related requests, increasing the chance of inappropriate delegation, policy bypass attempts, or unsafe content generation workflows being routed through this skill.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal