Back to skill

Security audit

WiseDiag-Skin

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed WiseDiag skin-photo upload tool, but users should treat it as sensitive health-data handling because it sends images to a cloud API and saves reports locally.

Install only if you are comfortable sending selected skin photos and questions to WiseDiag's cloud service. Avoid identifiable or intimate images unless you have consent, protect the WISEDIAG_API_KEY, and delete saved reports from ~/.openclaw/workspace/WiseDiag-Skin when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill documentation clearly indicates use of environment variables for an API key, local file upload, writing results to disk, and network transmission to a remote cloud service, yet no explicit permissions are declared. This creates a transparency and policy-enforcement gap: users or platforms may not be able to accurately evaluate or constrain the skill's access to sensitive files, credentials, and outbound data flows.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill silently persists sensitive medical-adjacent content by default, including the image filename, the user's question, the model output, and detailed detection metadata, into a predictable local workspace path. For a skin-analysis tool, this increases the chance of unintended retention and later disclosure of private health information on shared systems or through backup/sync tooling.

Context-Inappropriate Capability

Low
Confidence
88% confidence
Finding
The code captures and stores the model's reasoning stream as a 'Thinking Process' section in the Markdown report, even though that is not necessary to fulfill the user's request. Exposing chain-of-thought-like output can leak unnecessary internal details, increase sensitive data retention, and create avoidable privacy and policy risks without adding clear user value.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill uploads a local skin image and accompanying user question to a remote API, but the runtime behavior does not provide an explicit privacy notice or consent checkpoint at the point of transfer. Because skin photos may contain sensitive health information and identifying features, sending them off-device without a clear warning makes the skill materially riskier in context.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
Confidence
93% confidence
Finding
requests>=2.28.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
96% confidence
Finding
requests

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.