Image Generator

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real SiliconFlow image-generation skill, but it has credential-scoping and data-disclosure issues users should review before installing.

Review this before installing. Prefer setting a dedicated SILICONFLOW_API_KEY, avoid relying on generic API_KEY or memory-search configuration, and do not submit sensitive prompts or private images unless you are comfortable sending them to SiliconFlow for processing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding: The script falls back to reading an API key from the agent's unrelated memorySearch.remote configuration if it sees a SiliconFlow base URL. This mixes trust boundaries and can cause the image-generation skill to silently reuse credentials intended for another subsystem, increasing the chance of credential misuse, unintended billing, and cross-component data access.

Missing User Warnings

Medium
Confidence: 95%
Finding: The skill clearly relies on an external SiliconFlow API for image generation, and image-to-image mode may upload user-provided reference images, but the description does not warn users that their prompts and images are sent to a third-party service. This can lead to inadvertent disclosure of sensitive prompts or local image content.

Missing User Warnings

Medium
Confidence: 91%
Finding: If image_path is provided, the script reads the local file, base64-encodes it, and sends the image contents to a remote third-party API without any disclosure, confirmation, or path restrictions. In an agent setting, this can cause unintentional exfiltration of sensitive local files if upstream tooling or prompts supply a path the user did not realize would be uploaded.

Missing User Warnings

Medium
Confidence: 90%
Finding: The script sends user-provided prompts to a third-party service along with authentication, but provides no user-facing disclosure or consent mechanism in code. In an agent skill context, this matters because prompts may contain sensitive business or personal data that users do not realize will leave the local environment.

External Transmission

Medium
Category: Data Exfiltration
Content:
        'Authorization': f'Bearer {load_key()}',
        'Content-Type': 'application/json',
    }
    resp = requests.post(API_URL, headers=headers, json=payload, timeout=180)
    try:
        data = resp.json()
    except Exception:
Confidence: 93%
Finding: requests.post(API_URL, headers=headers, json=

VirusTotal

VirusTotal findings are pending for this skill version.
