Security audit

cpbox-images-search

Security checks across malware telemetry and agentic risk

Overview

This is a coherent image-search skill, but it routes searches through a paid external x402 service with automatic payment guidance and weak consent or spending boundaries.

Review this before installing if you use wallet-enabled x402 tooling. Only enable it with strict spending limits, require explicit approval before each paid search, avoid sensitive image queries, and verify the external payment helper package.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 86%
Finding
The description 'USE FOR image search' is overly broad and can cause the agent to invoke this paid external skill for generic image-related requests without sufficient specificity or user intent confirmation. Because the skill sends queries to a third-party provider and may incur payment via x402, broad routing increases the risk of unnecessary data disclosure and unintended charges.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill documents external provider and facilitator domains, but it does not clearly warn that user search queries are transmitted to third-party services and may trigger a paid payment flow. This creates a meaningful privacy and consent risk, especially if users enter sensitive terms, and can also lead to unexpected monetary cost.

Natural-Language Policy Violations

Low
Confidence: 73%
Finding
The use-case guidance encourages targeting by country and language to match an audience, but it does not state that locale parameters should be derived from explicit user request rather than inferred context. This can cause the agent to send potentially sensitive preference or regional information to an external service without clear user authorization.

VirusTotal

65/65 vendors flagged this skill as clean.