AI role play character image generation

Security checks across malware telemetry and agentic risk

Overview

This skill performs the image-generation job it advertises, but it handles real face photos through an external service with weak consent, privacy, and misuse boundaries.

Review before installing. Use only images you own or have explicit consent to process, assume local face/reference images and prompts may be uploaded to AuraShot and returned as hosted URLs, keep `.aurashot.env` private and out of git, and do not use the skill for deceptive, non-consensual, sexualized, or impersonation content involving real people.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding:
The skill uses sensitive capabilities including environment variables, local file read/write, and network access, but does not declare explicit permissions or user-facing capability boundaries. This creates a transparency and least-privilege problem: an agent may access local images, save files, and transmit data to a remote service without clear permission signaling, increasing the risk of unintended data exposure.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 86%
Finding:
The documented purpose emphasizes identity-preserving character generation, but the skill text also describes broader image-editing and adjacent workflows beyond that narrow scope. When behavior exceeds the declared purpose, users and agents can be misled about what operations may occur, weakening informed consent and making abuse of image manipulation features easier to hide.

Context-Inappropriate Capability

Severity: Low
Confidence: 84%
Finding:
The skill will download whatever remote URLs appear in the API result and write them to a user-specified directory using a filename derived from the URL. Although intended for generated images, this creates a trust boundary issue: if the upstream service or returned URL is malicious or compromised, the agent may write untrusted content to disk without validating MIME type, extension, content, or destination safety beyond the parent directory.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The README instructs users to upload face photos and preserve identity across generations, which implies transmission and processing of biometric data by an external service, but it provides no privacy, consent, retention, or third-party processing warning. Because facial images are sensitive personal data, this omission can lead users to expose biometric information without understanding the privacy and compliance implications.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The skill accepts face photos, local file paths, and target images, and explicitly states that local files are uploaded automatically, yet it does not prominently warn users that this data may be transmitted to the remote AuraShot service. Because the data includes biometric facial imagery and potentially sensitive local images, missing disclosure meaningfully increases privacy and consent risk.

Natural-Language Policy Violations

Severity: Low
Confidence: 78%
Finding:
The skill encourages character roleplay and identity-preserving generation from a single face reference, including real-person photos, without documenting consent, impersonation, or anti-abuse safeguards. In this context, the feature set can facilitate deceptive impersonation, non-consensual likeness generation, or sexualized image creation using a real person's face.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding:
The documentation explicitly supports uploading local images and sending face/reference photos, which are highly sensitive biometric and personal data, but it provides no privacy notice, retention guidance, consent requirements, or data-handling constraints. In a character-consistent image generation skill, this omission is more serious because users may submit real-person face images, increasing the risk of unauthorized processing, secondary use, or compliance failures.

VirusTotal

64/64 vendors flagged this skill as clean.
