gpt-image-2-sci-draw

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly an image-generation helper, but it needs review because it obtains local credentials and sends prompts to a remote service while disabling HTTPS certificate verification.

Install only if you trust the mediportal/cwork image service and the local auth skill it calls. Avoid using it for confidential research prompts until the publisher documents the credential flow, removes unverified TLS, and explains what remote service receives prompts and tokens.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
if not app_key:
    # Read the key from the environment variable (via a bash subprocess)
    app_key = subprocess.run(
        ["bash", "-c", "echo $XG_BIZ_API_KEY"],
        capture_output=True, text=True
    ).stdout.strip()
Confidence
87% confidence
Finding
app_key = subprocess.run( ["bash", "-c", "echo $XG_BIZ_API_KEY"], capture_output=True, text=True ).stdout.strip()

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill reaches outside its declared image-generation role to execute an external authentication script and pull credentials from the environment. In a skill context, undeclared credential access is dangerous because it enables token acquisition and hidden privilege use beyond user expectations.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
Spawning `python3` and `bash` subprocesses gives this skill broader execution capability than necessary for scientific image prompting. In agent environments, that extra execution surface materially increases risk because a seemingly benign skill can interact with local scripts, shells, and secrets.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script transmits the user's prompt and an access token to a remote service without any visible warning, consent, or data-handling disclosure. Because prompts for research illustration may contain sensitive project details, silent exfiltration to a third-party endpoint is a real privacy and security concern.

VirusTotal

65/65 vendors flagged this skill as clean.
