Skill Image Gen

Security checks across malware telemetry and agentic risk

Overview

This image-generation skill is purpose-aligned, but it gives unsafe credential-handling instructions and stores API secrets in plaintext without clear safeguards.

Review before installing. Use only limited-scope or disposable keys, do not paste real API keys into chat, avoid running the command that prints the key, keep COS upload disabled unless needed, and restrict permissions on any local config file containing secrets. Avoid sensitive prompts or images unless you accept processing by Gitee AI and, if enabled, Tencent COS.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documentation describes capabilities that access environment variables, read and write local files, and make network requests, but it does not declare corresponding permissions. This creates a transparency and consent problem: an agent or user may invoke the skill without understanding that it can access secrets, persist data locally, or send data externally.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The document explicitly tells users to paste their Gitee API key into an AI chat so the agent can update configuration on their behalf. That is a real secret-disclosure risk because chat channels may be logged, retained, exposed to operators, or reused by other tools, directly contradicting the earlier warning not to share the key.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README promotes sending prompts and optionally uploading generated images to external services (Gitee AI and Tencent COS) but does not clearly disclose that user data will leave the local environment and may be stored remotely or persist on disk/cloud storage. In an agent skill context, this can mislead users or downstream agents into transmitting sensitive prompts or images without informed consent, creating privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill supports uploading generated images to Tencent Cloud COS, but the documentation does not prominently warn that image content and related metadata may be transmitted to a third-party cloud provider. Users may assume output stays local, leading to unintended disclosure of sensitive prompts or generated images if they enable cloud upload.

Missing User Warnings

High
Confidence
98% confidence
Finding
Telling users to share an API key directly in chat without strong privacy and retention warnings creates a straightforward path for credential exposure. In agent ecosystems, chat content is often persisted or observable, so this guidance materially increases the chance of compromise.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The interactive setup collects sensitive secrets such as the Gitee API key and optional COS secret credentials, then persists them to a JSON file under the user's home directory. Although this is common in CLI tooling, the code does not warn users that credentials will be stored on disk, does not set restrictive file permissions, and stores secrets in plaintext, which increases the risk of credential disclosure from other local users, backups, or malware.

Ssd 3

High
Confidence
99% confidence
Finding
The text instructs users to disclose a secret in plain language to the AI agent so the agent can modify configuration. This is dangerous because it encourages transferring long-lived credentials into a conversational interface, where they may be logged, cached, or unintentionally revealed to downstream systems.

Ssd 3

Medium
Confidence
97% confidence
Finding
The validation command prints the configured API key to stdout as proof of success, which can expose the secret in terminal history, logs, screenshots, CI output, or shared sessions. Even if intended for convenience, it normalizes unsafe handling of credentials and can lead to accidental leakage.

VirusTotal

63/63 vendors flagged this skill as clean.