Doubao Image Video Skill V2

Security checks across malware telemetry and agentic risk

Overview

This is a functional Doubao image/video API wrapper, but it makes watermark removal the default image-edit behavior and gives unsafe API-key handling guidance.

Review carefully before installing:
  • Use only images and prompts you are authorized to send to Volcengine ARK.
  • Avoid watermark/logo removal unless you own the content or have explicit permission.
  • Do not paste or screenshot your ARK_API_KEY; prefer a scoped or temporary key.
  • Periodically delete generated media from the local `data/` directory if it may contain sensitive content.

SkillSpector (by NVIDIA)
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (16)

Context-Inappropriate Capability (Medium severity, 97% confidence)

The skill explicitly promotes watermark removal as a primary image-editing use case, which can facilitate copyright circumvention and misuse of protected media. The capability is framed not as a narrow, lawful exception but as a normal workflow, which increases the risk of abuse.

Context-Inappropriate Capability (Medium severity, 96% confidence)

The documentation describes image editing specifically as "intelligent watermark removal" rather than as neutral editing, normalizing a misuse-oriented behavior. This framing operationalizes a questionable activity instead of merely exposing a generic editing primitive.

Context-Inappropriate Capability (Medium severity, 97% confidence)

The test instructions directly teach users how to perform watermark/logo removal, which goes beyond neutral documentation into enablement. Presenting it as an expected success case increases the likelihood of harmful or infringing use.

Intent-Code Divergence (Medium severity, 87% confidence)

The code accepts arbitrary edit prompts while the feature is presented as being specifically for watermark removal. The interface is therefore misleading: it conceals a general image-manipulation capability, which lowers user and reviewer awareness of other abusive editing uses, including deceptive or policy-violating image alteration.

Missing User Warnings (Medium severity, 92% confidence)

The README states that generated files are automatically saved locally, but it does not warn that prompts, images, and videos may be written to disk and persist after execution. In environments handling sensitive or regulated data, silent local persistence creates privacy, retention, and exposure risks if other users or processes can read the files.

Missing User Warnings (Medium severity, 95% confidence)

The README advises storing the API key in shell startup files such as ~/.bashrc without discussing credential exposure. A secret persisted in a plaintext dotfile can leak through backups, shared accounts, misconfigured permissions, shell-history workflows, or accidental publication of home-directory contents (for example, a public dotfiles repository).
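The two checks a user of this skill would want against the dotfile advice are (1) a scan that tells you whether the key is already sitting in plaintext in a startup file, and (2) a loader that refuses to use a key file other local accounts can read. The following is an added example, not the skill's own code; `ARK_API_KEY` is the variable the README names, while `ARK_API_KEY_FILE`, the function names, and the sample `.bashrc` text are hypothetical and constructed here:

```python
"""Plaintext API-key checks (added example, not part of the Doubao skill).

ARK_API_KEY is the variable the README uses. ARK_API_KEY_FILE is a
hypothetical convention introduced for this example.
"""
import os
import re
import stat
from pathlib import Path

VAR_NAME = "ARK_API_KEY"

# Matches `export ARK_API_KEY=...`, `ARK_API_KEY="..."`, etc. in a dotfile.
_EXPORT_RE = re.compile(
    r"^\s*(?:export\s+)?" + re.escape(VAR_NAME) + r"\s*=\s*['\"]?([^'\"\s#]+)"
)

# Constructed sample of a shell startup file; not a real dotfile.
SAMPLE_BASHRC = (
    "alias ll='ls -la'\n"
    "export PATH=$HOME/bin:$PATH\n"
    'export ARK_API_KEY="0123456789abcdef-example"\n'
)


def redact(secret: str, keep: int = 4) -> str:
    """Return a log-safe form of a secret: only the last `keep` characters survive."""
    if len(secret) <= keep:
        return "*" * len(secret)
    return "*" * (len(secret) - keep) + secret[-keep:]


def find_plaintext_keys(dotfile_text: str) -> list:
    """Scan shell-startup text for a hard-coded key.

    Returns (1-based line number, redacted value) per hit so the result can
    be shown to the user without echoing the secret itself.
    """
    hits = []
    for lineno, line in enumerate(dotfile_text.splitlines(), start=1):
        m = _EXPORT_RE.match(line)
        if m:
            hits.append((lineno, redact(m.group(1))))
    return hits


def mode_is_private(mode: int) -> bool:
    """True if a file mode grants no group or other permission bits."""
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def load_key_from_file(path: Path) -> str:
    """Read a key from a file only the owner can access.

    Refuses group/world-readable files rather than silently using a secret
    that other local accounts can read. Never logs the value.
    """
    st = path.stat()
    if not mode_is_private(st.st_mode):
        raise PermissionError(
            f"{path} is readable by others (mode {oct(stat.S_IMODE(st.st_mode))})"
        )
    key = path.read_text(encoding="utf-8").strip()
    if not key:
        raise ValueError(f"{path} is empty")
    return key


def resolve_key() -> str:
    """Prefer a permission-checked key file; fall back to the environment variable."""
    key_file = os.environ.get(VAR_NAME + "_FILE")  # hypothetical variable
    if key_file:
        return load_key_from_file(Path(key_file))
    key = os.environ.get(VAR_NAME)
    if not key:
        raise RuntimeError(f"set {VAR_NAME}_FILE or {VAR_NAME}")
    return key


if __name__ == "__main__":
    for lineno, shown in find_plaintext_keys(SAMPLE_BASHRC):
        print(f"plaintext {VAR_NAME} at line {lineno}: {shown}")
```

Run the scan against `~/.bashrc`, `~/.zshrc` and `~/.profile` before committing a dotfiles repository; the loader is what a wrapper would call instead of reading the variable blindly.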

Missing User Warnings (Medium severity, 90% confidence)

The README documents sending image URLs and prompts to an external API but does not disclose the privacy implications of transmitting potentially sensitive user content to a third party. Users may unknowingly submit confidential images, personal data, or proprietary prompts to external processing and logging systems.

Missing User Warnings (Medium severity, 93% confidence)

The README promotes watermark-removal functionality without any warning about legal, contractual, or policy implications. This can facilitate misuse against copyrighted or licensed content and may lead users to violate platform terms or intellectual-property protections.

Missing User Warnings (Low severity, 84% confidence)

The skill states that generated media is automatically downloaded and saved locally, but it does not foreground persistence, storage location, or retention as a warning. This can surprise users and expose sensitive prompts or generated content on disk, especially in shared environments.

Missing User Warnings (Medium severity, 91% confidence)

The documentation does not clearly warn that prompts, image URLs, and generated content are transmitted to an external third-party API service. This omission can lead users to unknowingly send sensitive or proprietary material off-device.

Missing User Warnings (Medium severity, 82% confidence)

The script sends prompts and image URLs to a third-party API and writes returned media to local storage, but its interface does not prominently warn about off-box transmission or local persistence. In a skill context, users may submit sensitive prompts or internal image URLs (which the provider must fetch, disclosing the URL itself) without understanding the privacy and data-retention implications.
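The persistence findings above all come down to the same mitigation: write returned media so that only the owner can read it, and enforce a retention period instead of letting `data/` grow forever. The block below is an added example, not the skill's implementation; the `data/` location is the one the README names, while the function names, the 7-day retention default and the constructed sample payloads are assumptions made here:

```python
"""Private local storage with retention for generated media (added example).

The skill's README says media is saved under a local `data/` directory; the
layout, names and retention period here are hypothetical, not the skill's own.
"""
import os
import shutil
import stat
import tempfile
import time
from pathlib import Path
from typing import List, Optional

DEFAULT_RETENTION_DAYS = 7  # assumption for this example


def ensure_private_dir(base: Path) -> Path:
    """Create the media directory so only the owner can list or read it (0700)."""
    base.mkdir(parents=True, exist_ok=True)
    os.chmod(base, 0o700)
    return base


def save_media(base: Path, name: str, payload: bytes) -> Path:
    """Write returned media as a 0600 file, rejecting path traversal in `name`."""
    if name in ("", ".", "..") or Path(name).name != name:
        raise ValueError(f"unsafe file name: {name!r}")
    target = ensure_private_dir(base) / name
    # O_EXCL: fail instead of overwriting a file someone else pre-created.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(payload)
    return target


def purge_older_than(base: Path, days: int = DEFAULT_RETENTION_DAYS,
                     now: Optional[float] = None) -> List[Path]:
    """Delete regular files under `base` whose mtime is older than `days`.

    Returns the removed paths so the caller can log a retention audit trail.
    `now` is injectable so the behaviour is testable without sleeping.
    """
    if not base.exists():
        return []
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    removed = []
    for p in sorted(base.iterdir()):
        if p.is_file() and p.stat().st_mtime < cutoff:
            p.unlink()
            removed.append(p)
    return removed


def run_demo() -> dict:
    """Exercise save/purge in a throwaway directory and report what happened."""
    base = Path(tempfile.mkdtemp()) / "data"
    try:
        fresh = save_media(base, "fresh.png", b"\x89PNG constructed sample")
        stale = save_media(base, "stale.mp4", b"constructed sample bytes")
        ten_days_ago = time.time() - 10 * 86400
        os.utime(stale, (ten_days_ago, ten_days_ago))  # simulate an old file
        try:
            save_media(base, "../escape.png", b"x")
            traversal_rejected = False
        except ValueError:
            traversal_rejected = True
        removed = purge_older_than(base)
        return {
            "dir_mode": stat.S_IMODE(base.stat().st_mode),
            "file_mode": stat.S_IMODE(fresh.stat().st_mode),
            "removed": [p.name for p in removed],
            "remaining": sorted(p.name for p in base.iterdir()),
            "traversal_rejected": traversal_rejected,
        }
    finally:
        shutil.rmtree(base.parent, ignore_errors=True)


if __name__ == "__main__":
    print(run_demo())
```

The retention sweep is cheap enough to run at the start of every invocation; an operator who needs a shorter window for regulated content lowers `days` rather than relying on users to remember the manual deletion the overview recommends.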

Missing User Warnings (Medium severity, 97% confidence)

The wrapper explicitly defaults the edit prompt to `remove watermark, keep main content`, which directly facilitates removal of attribution or ownership markers from images. In an image-editing skill this is more dangerous because the capability is not incidental: it is the documented default, so an edit call with no prompt at all strips the watermark, making misuse straightforward and likely.
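This finding and the Intent-Code Divergence finding above point at the same fix: an edit entry point that applies no implicit default, passes neutral prompts through, and requires an explicit rights acknowledgement before sending a prompt that strips provenance markers. The following is an added example, not the skill's wrapper; the term lists, the function names and the `acknowledge_rights` flag are assumptions made here, and the request shape in `prepare_edit_request` is illustrative rather than the ARK API's real schema:

```python
"""Edit-prompt policy guard (added example, not the Doubao skill's own code).

Names, term lists and the request shape are hypothetical.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Indicators of ownership/provenance markers and of removal intent. The lists
# are illustrative; a deployment would tune them to its own policy.
_PROVENANCE = r"(watermark|logo|copyright|attribution|signature|credit|getty|shutterstock)"
_REMOVAL = r"(remove|erase|strip|delete|clean|get rid of|hide|cover|blur)"

# Either order within ~40 characters: "remove ... watermark" or "watermark ... removed".
_REMOVAL_THEN_MARK = re.compile(_REMOVAL + r"\b.{0,40}?\b" + _PROVENANCE, re.I)
_MARK_THEN_REMOVAL = re.compile(_PROVENANCE + r"\b.{0,40}?\b" + _REMOVAL, re.I)


@dataclass(frozen=True)
class PolicyDecision:
    allowed: bool
    reason: str


def edit_prompt_policy(prompt: Optional[str], acknowledge_rights: bool = False) -> PolicyDecision:
    """Decide whether an edit prompt may be sent to the API.

    - No implicit default: a missing or empty prompt is rejected instead of
      being replaced with a watermark-removal instruction.
    - Prompts that remove provenance markers need an explicit acknowledgement
      that the caller owns or is licensed to alter the image.
    - Anything else passes through as neutral editing.
    """
    if prompt is None or not prompt.strip():
        return PolicyDecision(False, "edit prompt is required; no default is applied")
    text = prompt.strip()
    if _REMOVAL_THEN_MARK.search(text) or _MARK_THEN_REMOVAL.search(text):
        if acknowledge_rights:
            return PolicyDecision(True, "provenance-marker removal allowed with rights acknowledgement")
        return PolicyDecision(
            False,
            "prompt removes a watermark/logo/attribution; pass acknowledge_rights=True "
            "only if you own or are licensed to alter this image",
        )
    return PolicyDecision(True, "neutral edit")


def prepare_edit_request(image_url: str, prompt: Optional[str],
                         acknowledge_rights: bool = False) -> dict:
    """Build an (illustrative) request body only after the policy check passes."""
    decision = edit_prompt_policy(prompt, acknowledge_rights)
    if not decision.allowed:
        raise ValueError(decision.reason)
    return {"image_url": image_url, "prompt": prompt.strip()}


if __name__ == "__main__":
    for p in [None, "remove watermark, keep main content", "make the sky more dramatic"]:
        d = edit_prompt_policy(p)
        print(f"{p!r}: allowed={d.allowed} ({d.reason})")
```

The guard is a speed bump, not a content filter: its job is to make the skill's default honest (no prompt means no edit) and to force the rights question to be answered in the call rather than assumed by the wrapper.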

Ssd 4 (Medium severity, 96% confidence)

The skill presents watermark/logo removal as a normal editing workflow, which cumulatively encourages stripping ownership or provenance indicators from media. In an image/video skill this materially increases misuse potential and undermines legitimate safeguards.

Ssd 4 (Medium severity, 97% confidence)

The repeated default prompts and examples for removing watermarks/logos reinforce a harmful-use pattern rather than a neutral capability. Repetition across defaults, examples, and workflow guidance lowers the barrier to misuse and signals that the behavior is endorsed.

Ssd 4 (Medium severity, 97% confidence)

The testing guidance treats watermark removal as a successful and expected scenario, which operationalizes and validates the misuse pathway. This is more dangerous than a mere mention because it hands users a ready-made procedure to reproduce the behavior.

Ssd 4 (Medium severity, 93% confidence)

The example explicitly presents "remove watermark" as a normal image-editing use case, which can encourage copyright circumvention and removal of ownership or provenance indicators. In an AI image-editing skill, normalizing this workflow increases misuse risk because users may infer the tool is intended for rights-stripping or policy-violating content manipulation.

VirusTotal

58/58 vendors returned a clean verdict for this skill. A clean antivirus result only means no vendor matched known malware signatures; it does not address the behavioral and documentation findings above, which concern how the skill is used rather than malicious code.