WeryAI Image Generator

Security checks across malware telemetry and agentic risk

Overview

This is a WeryAI image-generation skill whose network use, API key use, paid submissions, polling, and reference-image uploads are mostly disclosed and aligned with its purpose, but users should be careful with local file paths and custom API hosts.

Install only if you are comfortable sending prompts, selected reference images, and local image files you explicitly provide to WeryAI for processing. Prefer public HTTPS image URLs or dry-run previews first, do not provide sensitive local files, and do not override WERYAI_BASE_URL or WERYAI_MODELS_BASE_URL unless you fully trust the host.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding
The file gives contradictory guidance about local file paths: earlier sections explicitly allow local/file inputs and automatic upload, while the Constraints section says not to use local file paths. This inconsistency is dangerous because an agent may follow the permissive path and upload sensitive local files unexpectedly, creating a real risk of data exfiltration from the host environment to the remote WeryAI service.

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding
The upload helper explicitly allows many non-image file types including video, audio, text, JSON, XML, YAML, and subtitles, even though the skill is described as an image-generation integration. This expands the data exfiltration surface: any local file matching an allowed extension can be read from disk and uploaded to the configured API endpoint, which is especially concerning because the code only warns—rather than blocks—when the destination is a non-official domain.

Description-Behavior Mismatch

Severity: Medium
Confidence: 84%
Finding
Remote source handling accepts any HTTP or HTTPS URL without validating that the target is an image or otherwise within the intended scope. In an image-generation skill, this permissive behavior can enable misuse of arbitrary remote resources, undermining boundary assumptions and making it easier to pass unexpected content or untrusted locations through downstream workflows.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
This code resolves local image sources and uploads them to a remote API, but there is no in-function confirmation, notice, or consent check before transmitting local files. In an agent skill context, that creates a meaningful privacy and data-exfiltration risk because a user may provide a local path expecting local processing while the skill silently sends file contents off-host.
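The last three findings all concern one step: resolving a reference-image source before anything is sent to the API. The following Python is an added example written for this review, not the WeryAI skill's own code and not a claim about how that skill is implemented. It shows the fail-closed version of that step: an image-only extension allowlist for both local and remote sources, https required for remote URLs, local files confined to a caller-chosen directory and blocked until explicit consent is given, and a configured API host that is refused (not merely warned about) when it is not on the official list. The official host name, the allowed directory and the WERYAI_ALLOW_CUSTOM_HOST override are assumptions chosen for the example; only WERYAI_BASE_URL and WERYAI_MODELS_BASE_URL come from the page.

```python
"""Fail-closed source resolution for an image-generation skill (illustrative).

Not the WeryAI skill's code. OFFICIAL_HOSTS, the allowed directory and the
WERYAI_ALLOW_CUSTOM_HOST override are assumptions made for this example.
"""
import tempfile
from dataclasses import dataclass
from pathlib import Path
from urllib.parse import urlparse

# Image-only allowlist; the scanner's complaint was that video, audio, text,
# JSON, XML, YAML and subtitle files were also accepted for upload.
IMAGE_SUFFIXES = frozenset({".png", ".jpg", ".jpeg", ".webp", ".gif"})

# Assumed placeholder for the vendor's official API host(s).
OFFICIAL_HOSTS = frozenset({"api.weryai.example"})
DEFAULT_BASE_URL = "https://api.weryai.example"


class SourceRejected(Exception):
    """Raised instead of silently uploading or only printing a warning."""


@dataclass(frozen=True)
class ResolvedSource:
    kind: str      # "remote" or "local"
    value: str     # the URL, or the absolute local path
    upload: bool   # True only when local bytes will leave the host


def check_api_hosts(env: dict) -> str:
    """Refuse any configured endpoint that is not https on an official host.

    Returns the primary API hostname so callers can name it in consent prompts.
    """
    primary = None
    for var in ("WERYAI_BASE_URL", "WERYAI_MODELS_BASE_URL"):
        base = env.get(var) or (DEFAULT_BASE_URL if var == "WERYAI_BASE_URL" else None)
        if not base:
            continue
        parsed = urlparse(base)
        if parsed.scheme != "https" or not parsed.hostname:
            raise SourceRejected(f"{var} must be an https URL, got {base!r}")
        if parsed.hostname not in OFFICIAL_HOSTS and env.get("WERYAI_ALLOW_CUSTOM_HOST") != "1":
            raise SourceRejected(f"{var} points at non-official host {parsed.hostname!r}; "
                                 "set WERYAI_ALLOW_CUSTOM_HOST=1 only if you trust it")
        primary = primary or parsed.hostname
    return primary


def resolve_source(spec: str, env: dict, allowed_dir: Path, consent: bool = False) -> ResolvedSource:
    """Validate one reference-image source before anything is transmitted."""
    host = check_api_hosts(env)          # check the destination first, fail closed
    parsed = urlparse(spec)
    scheme = parsed.scheme.lower()
    if scheme in ("http", "https"):
        if scheme != "https":
            raise SourceRejected("reference URLs must use https")
        if Path(parsed.path).suffix.lower() not in IMAGE_SUFFIXES:
            raise SourceRejected(f"remote source is not an image URL: {spec!r}")
        return ResolvedSource("remote", spec, upload=False)
    if scheme not in ("", "file") and len(scheme) > 1:   # one letter = Windows drive
        raise SourceRejected(f"unsupported scheme {scheme!r}")
    raw = parsed.path if scheme == "file" else spec
    path = Path(raw).expanduser().resolve()
    if path.suffix.lower() not in IMAGE_SUFFIXES:
        raise SourceRejected(f"local source is not an image: {path.name}")
    try:
        path.relative_to(allowed_dir.resolve())
    except ValueError:
        raise SourceRejected(f"{path} is outside the allowed directory {allowed_dir}") from None
    if not path.is_file():
        raise SourceRejected(f"no such file: {path}")
    if not consent:   # the scanner's fourth finding: no consent step before upload
        raise SourceRejected(f"{path.name} would be uploaded to {host}; pass consent=True to allow")
    return ResolvedSource("local", str(path), upload=True)


def demo() -> dict:
    """Run the checks over constructed inputs; returns 'remote', 'local' or 'rejected' per case."""
    env = {"WERYAI_BASE_URL": DEFAULT_BASE_URL}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        allowed = Path(tmp) / "refs"
        allowed.mkdir()
        (allowed / "cat.png").write_bytes(b"\x89PNG constructed sample")      # constructed
        (allowed / "secrets.yaml").write_text("api_key: constructed-value")  # constructed
        outside = Path(tmp) / "id_rsa.png"
        outside.write_bytes(b"constructed file outside the allowed dir")     # constructed
        cases = {
            "https_image": ("https://cdn.example/pic.jpg", env, True),
            "http_image": ("http://cdn.example/pic.jpg", env, True),
            "https_pdf": ("https://cdn.example/report.pdf", env, True),
            "local_png_consent": (str(allowed / "cat.png"), env, True),
            "local_png_no_consent": (str(allowed / "cat.png"), env, False),
            "local_yaml": (str(allowed / "secrets.yaml"), env, True),
            "outside_dir": (str(outside), env, True),
            "custom_host": (str(allowed / "cat.png"), {"WERYAI_BASE_URL": "https://evil.example"}, True),
        }
        for name, (spec, e, consent) in cases.items():
            try:
                results[name] = resolve_source(spec, e, allowed, consent=consent).kind
            except SourceRejected:
                results[name] = "rejected"
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:22s} {outcome}")
```

The design point is the order of checks: the destination host is validated before any file is touched, so a poisoned WERYAI_BASE_URL cannot be combined with a permissive path to leak data, and every rejection is an exception the caller must handle rather than a log line an agent will ignore.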

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal