ClawHub

Text to Image API

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a text-to-image integration, but its API router is broader than that purpose and includes account credit inspection.

Review before installing. Only use it if you are comfortable giving the skill your provider API key and allowing it to call more than image-generation endpoints, including credit or quota checks. Prefer a version that restricts callable operations to the specific image-generation endpoints you need.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation and examples show capabilities to read environment variables, access local files, and make network requests, but the skill only declares an environment requirement in metadata rather than explicit permissions for those capabilities. This creates a transparency and policy-enforcement gap: users or hosting platforms may not realize the skill can read local files such as `scripts/c_api_doc_detail.json` and transmit data over the network, increasing the risk of unintended data exposure or execution in environments that rely on declared permissions.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill is implemented as a generic API router over whatever operations are present in the API definition file, rather than being constrained to the advertised text-to-image use case. In this context, that broad capability increases the attack surface and enables invocation of unrelated operations such as account or usage endpoints, which violates least privilege and can expose sensitive metadata or enable unintended actions.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The included example explicitly invokes a 'Credits' operation, exposing account/usage inspection capability that is not necessary for a text-to-image skill. Even if read-only, this can leak billing or quota information and demonstrates that the skill supports functionality outside its declared purpose, making misuse easier in agentic contexts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal