Imagen 4 AI Image Generator

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Media.io Imagen 4 image-generation skill that requires a user-provided API key and sends prompts to Media.io, with only minor disclosure and dependency cautions.

Install only if you trust Media.io and are comfortable using a Media.io API key from your environment. Image prompts and task IDs are sent to Media.io and generation may consume paid credits; avoid putting secrets, private personal data, or proprietary content in prompts, and use a revocable or limited API key where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares no permissions while its documented usage and related files indicate access to environment variables, local files, and outbound network requests. This under-disclosure is dangerous because users and orchestration systems cannot accurately assess the skill's capabilities, increasing the chance of unintended secret exposure or broader-than-expected API access.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The skill is described as a narrow Imagen 4 image generator, but the referenced router and API definition file appear to support generic invocation of arbitrary Media.io endpoints, including non-image operations such as credits or task/result queries. This mismatch is dangerous because it can mislead users and reviewers into granting trust, secrets, and network access to a tool whose actual behavior is broader than advertised, enabling unintended API actions and data exposure.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script includes a direct 'Credits' query in its standard usage path even though the skill is described as an image generator. This expands the skill's effective capability to account metadata access, which can expose billing or usage information and violates least-privilege expectations for a narrowly scoped generation skill.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Implementing account credit retrieval in code that is supposed to generate images introduces a hidden secondary capability unrelated to the stated purpose. In an agent setting, this can enable unintended access to account usage/balance information and makes the skill more dangerous because users may authorize it expecting only content generation, not account inspection.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation instructs use of an API key to call an external Media.io endpoint but provides no warning that credentials are being sent to a third-party service or how they should be protected. In agent contexts, this omission can cause users or integrators to expose secrets improperly or transmit them without informed consent.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The task-result endpoint sends both authentication material and task identifiers to an external service, but the documentation omits any privacy or disclosure notice. In an agent skill, this increases the chance that task metadata and credentials are transmitted without users understanding the data flow or retention implications.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The image-generation API transmits user prompts and authentication credentials to an external provider, but the documentation does not warn users that their prompt content leaves the local system. Because prompts may contain sensitive or proprietary information, the missing disclosure creates a real confidentiality and consent risk in this skill context.

VirusTotal

66/66 vendors flagged this skill as clean.
