Byted Seedream Image Generate

Security checks across malware telemetry and agentic risk

Overview

The skill matches its image-generation purpose, but it leaks API keys and user prompt data into normal output logs.

Review before installing. Use only with non-sensitive prompts and image URLs, avoid shared or persisted logs, and do not run it with valuable production Volcano Engine keys unless the logging is removed or redacted. If already used, rotate any exposed API key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 86%
Finding
The skill documentation indicates use of environment variables and outbound network access, but no explicit permissions are declared. This creates a transparency and governance gap: users or orchestrators may invoke the skill without understanding that secrets will be read from the environment and prompts or image URLs will be sent to external services.

Vague Triggers

Severity: Medium
Confidence: 77%
Finding
The top-level description is broad enough to match many ordinary image-related requests, which can cause over-invocation of a networked third-party image generation skill. In context, that increases the chance that sensitive user prompts, reference image URLs, or creative content are unnecessarily sent to an external provider.

Vague Triggers

Severity: Medium
Confidence: 81%
Finding
The 'When to Use This Skill' section lists many generic conditions without any limiting criteria or privacy caveats. Because this skill performs external AI generation and supports remote image inputs, overly broad activation guidance can route user data to third-party services in situations where a narrower or local tool would be safer.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The documentation advertises web search integration but does not warn that prompt contents or generated queries may be transmitted to external services beyond the base image API. That omission can mislead users about data flows and creates privacy risk, especially if prompts contain confidential project details or personal information.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The example command enables web search directly, normalizing external transmission without any notice or consent language. Users often copy examples verbatim, so this increases the likelihood that sensitive prompts will be sent to outside services unintentionally.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The script logs the full Authorization header and full request body before sending the API call. This exposes the bearer token and potentially sensitive user prompts or image references to stdout, shell history captures, CI logs, agent transcripts, or centralized logging systems, enabling credential theft and data leakage.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The code reads API keys from environment variables and later includes them in printed headers via _get_headers(), causing direct secret disclosure. In agent and automation contexts, stdout is often persisted, so a leaked bearer token can be reused to make unauthorized API calls and incur cost or abuse the account.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.
