Security audit

Geo Tag Photos

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed photo geotagging workflow that reads user-selected JPGs, geocodes inferred landmarks, and only writes EXIF metadata after review, confirmation, and backup.

Install only if you are comfortable with your agent viewing selected photos and with inferred landmark/city/country text being sent to Nominatim. Use it only on photos you own, inspect report.csv before approving writes, and keep the backup directory until you verify the EXIF changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 87%
Finding: The skill advertises operational behavior that includes reading files, writing EXIF metadata, and making network requests, but it does not declare permissions or capabilities explicitly. That weakens user consent and review, because a consumer may not realize the skill can modify local files and contact external services until after inspecting the body in detail.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 79%
Finding: The documented purpose centers on GPS recovery, but the broader behavior includes writing additional EXIF fields, cache management functionality, and downloading test images from the network. Such description-behavior drift is dangerous because it expands the actual attack surface and data-modification scope beyond what a user may reasonably expect from the summary, increasing the chance of unintended metadata changes or network activity.

VirusTotal

64/64 vendors flagged this skill as clean.