Deai Image

Security checks across malware telemetry and agentic risk

Overview

This skill is openly built to strip AI-image provenance and help images bypass detectors, and it can permanently alter original files’ metadata.

Install only for lawful, authorized research or personal workflows where altering AI-image provenance is acceptable. Do not use it to hide AI-generated origin from platforms or viewers, and run it only on copies because original images can lose metadata permanently.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (22)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill is explicitly designed to remove provenance signals and bypass AI-image detectors, not merely clean metadata or optimize images. That enables deceptive relabeling of synthetic media as human-made and facilitates evasion of platform safety, provenance, and compliance systems.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The verification section operationalizes evasion by instructing users to test processed images against multiple external detectors and increase modification strength until the content is no longer flagged. This converts the skill from passive processing into an iterative detection-bypass playbook.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The contribution guidance solicits new bypass techniques and detector API integration, which would mature the skill into a sustained evasion toolkit. This increases both capability and intent by encouraging continuous improvement against safety and provenance controls.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The script explicitly instructs users to test processed images against AI detectors and claims effectiveness in reducing detection, which materially facilitates evasion of provenance and moderation systems. In context, this is not neutral image cleanup; it is operational guidance for bypassing detection controls, increasing the likelihood of deceptive or policy-violating use.

Intent-Code Divergence

Medium
Confidence
87% confidence
Finding
The CLI help text suggests a limited metadata-only action, but the implementation can modify the original file in place and exits before other mode handling, creating a misleading and potentially destructive user experience. This mismatch can cause irreversible removal of provenance or evidentiary metadata when users expect a safer, scoped operation.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
This script is explicitly marketed and documented to help users bypass AI-image detection rather than perform ordinary image optimization. In this skill context, the staged transformations, detector-check guidance, and success-rate claims make the evasive purpose central to the implementation, enabling deception and undermining provenance and moderation systems.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README prominently markets removal of AI fingerprints, metadata stripping, and detector bypass without an upfront safety warning about destructive modification, provenance removal, and misuse potential. In this skill's context, that omission is more dangerous because the stated purpose is explicitly to evade AI-origin detection, which can facilitate deception, policy evasion, and destruction of authenticity evidence.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill promotes metadata stripping, recompression, and batch rewriting while downplaying that these changes can irreversibly remove provenance markers and authenticity records. In this context, omission of a strong warning is dangerous because provenance removal is the central capability, not an incidental side effect.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The workflow tells users to upload images to third-party detector websites without warning that the images may be retained, logged, or used for model training. This exposes potentially sensitive user content to external services and compounds the skill's evasion purpose.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The manifest explicitly markets the skill as removing AI fingerprints, stripping metadata, and bypassing AI image detectors. In this context, the lack of any warning about destructive modification is not just a documentation gap: it normalizes covert image laundering and increases the likelihood of deceptive or policy-evasive use, including irreversible alteration of source files and removal of provenance data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The command surface exposes direct file-writing and batch-processing capabilities for a tool whose stated purpose is to evade AI detection and strip provenance. Without prominent safeguards or disclosure, these commands enable bulk, low-friction manipulation of images and metadata, increasing the risk of mass laundering of AI-generated content or accidental destructive changes to user files.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code strips EXIF/C2PA/JUMBF metadata and later writes altered files without prominent warnings that these actions are irreversible and may remove provenance information. In this skill's context, silent provenance removal is especially dangerous because the stated purpose is to reduce AI-detection fingerprints, not merely routine image optimization.

Natural-Language Policy Violations

High
Confidence
100% confidence
Finding
The module docstring frames the tool as removing AI detection patterns from AI-generated images, which is explicit anti-detection functionality. Given the skill description and implementation, this is a clear indication the code is designed to evade trust, moderation, or provenance systems rather than serve a benign editing purpose.

Natural-Language Policy Violations

High
Confidence
99% confidence
Finding
The report output explicitly tells users to verify results with third-party AI detectors after processing, which operationalizes and encourages detector evasion. This increases harm because it helps users iteratively optimize deceptive content to avoid downstream safeguards.

Natural-Language Policy Violations

High
Confidence
99% confidence
Finding
Advertising processing profiles in terms of detector-evasion success rates makes the bypass objective explicit and user-optimizable. This is dangerous in context because it promotes intentional circumvention of AI-content detection and provenance mechanisms.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The function removes metadata directly from the input file via exiftool before producing the output, which destructively alters the original asset without warning or confirmation. In this context, that behavior is especially risky because provenance data such as EXIF, C2PA, and JUMBF may be important for authenticity, auditability, or forensic review.

Natural-Language Policy Violations

High
Confidence
98% confidence
Finding
The header comments describe the tool as an AI image de-fingerprinting utility intended to remove AI fingerprints and bypass detectors. Those user-facing strings are not incidental; they establish an overt evasion use case that increases the likelihood of misuse for fraud, moderation circumvention, or laundering synthetic content.

Natural-Language Policy Violations

High
Confidence
99% confidence
Finding
The script advertises detector-evasion success rates and tells users to verify outputs against named AI detectors, which materially facilitates misuse. In this skill, those claims operationalize an adversarial testing workflow for evading detection systems, making the tool more dangerous than a generic image-processing script.

Ssd 4

High
Confidence
99% confidence
Finding
The document frames a stepwise process for making AI-generated images appear human-captured by stripping provenance and tuning transformation strength. That is a deception-enabling workflow, especially harmful in contexts involving fraud, misrepresentation, or policy evasion.

Ssd 4

High
Confidence
99% confidence
Finding
This section coaches users to test against several detectors, iterate, and escalate edits until detection fails. Such adversarial tuning materially increases the effectiveness of deceptive synthetic-media evasion and lowers the barrier for misuse.

Ssd 4

Medium
Confidence
94% confidence
Finding
The advanced usage and contribution guidance encourage ongoing refinement of techniques specifically intended to defeat detection systems. Even without executable code here, the documentation acts as capability development guidance for sustained evasion.

Ssd 4

Medium
Confidence
97% confidence
Finding
The full workflow combines multiple individually common image operations into a pipeline explicitly intended to degrade AI-origin indicators and defeat detection through cumulative artifacts. Because the skill description and output messaging frame these steps as an evasion strategy, the overall design is harmful even if each primitive operation appears benign in isolation.

VirusTotal

51/51 vendors flagged this skill as clean.
