Agnes AI

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Agnes AI image and video generation skill whose API-key handling and image-upload behavior are expected for its purpose but privacy-sensitive.

Install only if you trust Agnes AI with your prompts and any images you choose to provide. Prefer setting AGNES_API_KEY as a session environment variable instead of pasting it into chat or saving it permanently; if you use ~/.agnes-ai/api_key, restrict file permissions and avoid using confidential images or private internal URLs unless you understand the provider’s handling and retention policies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to persist the user's Agnes API key to ~/.agnes-ai/api_key in plain text and does not warn the user about local secret storage or its risks. Plain-text credential persistence increases exposure to other local users, malware, backups, shell history mistakes, and accidental disclosure through logs or support bundles.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The API reference documents image-to-image requests that accept remote image URLs but does not warn users that the service will fetch those URLs server-side, causing user-supplied data and network metadata to be transmitted to a third party. This can lead to unintended data disclosure, privacy issues, and unsafe use of internal or sensitive URLs if integrators do not realize the fetch occurs off-system.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
When a user supplies a local image path, the script base64-encodes the file and sends its full contents to the remote Agnes AI API as a data URL. This creates a real privacy and data-handling risk because users may believe they are only using a local CLI transform, while sensitive local files are actually uploaded off-host without an explicit warning or confirmation.

Ssd 3

Medium
Confidence
98% confidence
Finding
The README explicitly tells users to paste a live API key into the agent chat, which exposes a secret through a natural-language interface that may be logged, retained in conversation history, forwarded to tools, or visible to operators and plugins. In an agent ecosystem, chat is a poor secret-entry channel because users often cannot verify storage, redaction, or downstream access controls.

Session Persistence

Medium
Category
Rogue Agent
Content
Then set the environment variable for the current session:

```bash
mkdir -p ~/.agnes-ai
echo -n "sk-your-key-here" > ~/.agnes-ai/api_key
export AGNES_API_KEY="sk-your-key-here"
```
Confidence
96% confidence
Finding
```bash
mkdir -p ~/.agnes-ai
echo -n "sk-your-key-here" > ~/.agnes-ai/api_key
```

VirusTotal

65/65 vendors flagged this skill as clean.
