Zyka AI

Security checks across malware telemetry and agentic risk

Overview

This is a coherent AI media-generation skill that uses a disclosed CLI and API key, but users should be careful with private media, identity-related features, and paid credit usage.

Install only if you are comfortable sending selected prompts and media to Zyka and its model providers. Do not use confidential, regulated, or third-party identity media unless you have the rights and consent. Protect and rotate the ZYKA_API_KEY, and monitor paid credit usage.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs users to set a live API key and repeatedly states that local images, audio, and video are auto-uploaded, but it does not clearly warn that these files and prompts will be transmitted to external services. In a media-generation skill, users are especially likely to work with sensitive personal content, so omitting privacy and transmission disclosures increases the risk of accidental data exposure and misuse of credentials.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill exposes voice cloning, face swap, talking-head, dubbing, and voice-changing capabilities without any consent, identity, or lawful-use warning. Because these features directly enable impersonation and manipulation of real people, the absence of guardrails materially raises the risk of non-consensual deepfakes, fraud, harassment, and reputational harm.

VirusTotal

63/63 vendors flagged this skill as clean.
