ClawHub

sk-doubao-seedream

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it generates or edits images through Volcengine Ark/Seedream, with ordinary privacy and credential-handling cautions.

Install only if you are comfortable sending prompts and any edited input images to Volcengine Ark. Prefer the VOLCENGINE_API_KEY environment variable or session-only entry instead of saving a long-lived key in config.json, and choose output paths carefully so generated images do not overwrite important files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Tainted flow: 'output_path' from input (line 355, user input) → open (file write)

Medium
Category
Data Flow
Content
req = urllib.request.Request(url)
        with urllib.request.urlopen(req, timeout=60) as response:
            img_data = response.read()
            with open(output_path, 'wb') as f:
                f.write(img_data)
            return img_data
    except Exception as e:
Confidence
86% confidence
Finding
with open(output_path, 'wb') as f:

Tainted flow: 'output_path' from input (line 355, user input) → open (file write)

Medium
Category
Data Flow
Content
if image_b64:
                        img_data = base64.b64decode(image_b64)
                        if output_path:
                            with open(output_path, 'wb') as f:
                                f.write(img_data)
                        return output_path
Confidence
88% confidence
Finding
with open(output_path, 'wb') as f:

Tainted flow: 'output_path' from input (line 355, user input) → open (file write)

Medium
Category
Data Flow
Content
if match:
                        img_data = base64.b64decode(match.group(1))
                        if output_path:
                            with open(output_path, 'wb') as f:
                                f.write(img_data)
                        return output_path
Confidence
88% confidence
Finding
with open(output_path, 'wb') as f:

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs users to configure an API key locally and use a third-party image-generation service, but it does not clearly warn that prompts and input images will be transmitted to an external provider or that credentials may be stored in a local config file. This creates a real privacy and secret-handling risk, especially if users submit sensitive text, proprietary images, or store the key insecurely on shared systems.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The tool offers to persist the API key in a local JSON config file, which can expose credentials if file permissions are weak, the directory is shared, or the file is accidentally committed or backed up insecurely. While common in small utilities, storing long-lived secrets in plaintext increases credential theft risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal