smart-image-loader

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says, but it fetches arbitrary URLs and gives unsafe cleanup instructions that could mishandle crafted filenames.

Install only if you are comfortable with arbitrary URL fetching for image display. Use trusted image URLs, avoid unusual filenames or query strings, and clean up temp files with safe argument passing or Python file removal instead of raw shell `rm`.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 94%
Finding
The skill instructs the agent to fetch remote content over HTTP/HTTPS, but no corresponding permission or explicit disclosure is declared. Hidden network capability is risky because users may trigger outbound requests and data exposure without realizing the skill performs network access.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 90%
Finding
The documented behavior understates what the skill actually enables: remote downloads, temp-file creation, metadata output, and acceptance of arbitrary existing local paths. This mismatch can cause users or calling agents to trust the skill as a simple image viewer while it actually expands file-access and network-execution surface.

Vague Triggers

Medium
Confidence: 82%
Finding
The activation language is broad enough that ordinary requests to 'show' or 'display' an image could invoke a workflow that performs downloads or reads local files. Over-broad triggering increases the chance of unintended network access or file handling in situations where the user did not clearly consent to those side effects.

Missing User Warnings

Medium
Confidence: 91%
Finding
The instructions tell the agent to download remote URLs and later delete files, but they provide no user-facing warning or consent step for those actions. Silent network access and file deletion are dangerous because they can surprise users, obscure auditability, and create opportunities for misuse if the input is attacker-controlled.

VirusTotal

64/64 vendors flagged this skill as clean.