ClawHub

Clawra Selfie

Security checks across malware telemetry and agentic risk

Overview

This skill has a clear selfie-generation purpose, but it can send media to real messaging channels and asks for broader permissions and credentials than its registry metadata clearly declares.

Review before installing. Use this only if you are comfortable sending prompts and generated images to fal.ai and then to selected messaging platforms through OpenClaw. Confirm the exact image, caption, platform, and channel before any send, and restrict or remove unnecessary npm/npx, file read/write, and broad web permissions where your agent environment allows it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger phrases are broad and overlap with ordinary conversation such as 'how are you doing?' or 'where are you?', which can cause the skill to activate when the user did not intend to generate and send an image. In this skill, unintended activation is more dangerous because activation leads to image generation through an external API and possible delivery to messaging channels, creating privacy, consent, and spam risks.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill description does not clearly warn that prompts, generated image URLs, and message content will be sent to third-party services and external messaging destinations. Because the workflow explicitly uses fal.ai for image editing and OpenClaw for cross-platform delivery, users may unknowingly disclose personal context or cause outbound messages without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal