3daistudio integration

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real 3D-generation integration, but it needs review because it uploads user content to a third-party service and downloads provider-supplied URLs without enough scoping or disclosure.

Install only if you are comfortable sending prompts, reference images, and related metadata to 3D AI Studio. Avoid using sensitive, proprietary, regulated, or personal images unless your organization permits that provider. Prefer a version that explicitly documents environment-variable use, outbound domains, and data handling, and that validates generated asset download URLs before fetching them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Tainted flow: 'req' from os.environ.get (line 43, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
    print(f"  Downloading from: {asset_url}")
    req = urllib.request.Request(asset_url)
    with urllib.request.urlopen(req, timeout=60) as r:
        with open(output_path, "wb") as f:
            f.write(r.read())
    print(f"  Saved to: {output_path}")
Confidence
91% confidence
Finding
with urllib.request.urlopen(req, timeout=60) as r:

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation declares required credentials and clearly relies on environment access and outbound network calls, but it does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: users or platforms may approve and run the skill without realizing it can read secrets from the environment and transmit data to an external service.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The guide instructs users to treat `.glb` files as ZIP archives and extract OBJ data from them, which is factually incorrect for standard GLB files. This can cause downstream tooling or agents to mishandle untrusted model files, fail unexpectedly, or build insecure processing assumptions around file format validation.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill asks users to provide local images and text prompts for 3D generation but does not prominently warn that this content is uploaded to the third-party 3D AI Studio API. This can lead to unintentional disclosure of sensitive images, proprietary designs, or confidential prompt content to an external processor and may violate user expectations or organizational data-handling rules.

VirusTotal

64/64 vendors flagged this skill as clean.
