Stable Image Ultra

Security checks across malware telemetry and agentic risk

Overview

The skill does generate images as advertised, but it registers itself as the default image-generation route for agents, sending requests to paid AWS Bedrock with whatever ambient AWS credentials are present and with weak user-confirmation boundaries.

Install only if you want agents to use AWS Bedrock for image generation. Use a dedicated least-privilege Bedrock profile or token, monitor AWS costs, avoid long-lived direct keys, and require explicit confirmation before generic image requests are sent to AWS.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers (Medium, 93% confidence)

Finding: The trigger list includes broad, everyday phrases such as generic image-generation requests, making accidental invocation likely across many unrelated conversations. Because this is also designated as the default image skill for all agents, overly broad routing can cause unintended external API calls, cost-incurring actions, and processing of user content without sufficiently specific intent.

Natural-Language Policy Violations (Medium, 84% confidence)

Finding: Forcing English prompts without user opt-in overrides user language preference and can lead to silent transformation of user input before sending it to an external model. In this skill's context, the main risk is policy and trust erosion rather than direct code execution, but it still creates a potentially unsafe pattern of rewriting user intent and transmitting altered content to a third-party service.

Natural-Language Policy Violations (Medium, 88% confidence)

Finding: An explicit ban on Chinese prompts is a stronger form of the same language-policy problem: it prohibits a user-preferred language and mandates rewriting. While not a classic exploit primitive, this is a real safety and policy issue because it normalizes overriding user constraints and can cause inaccurate translations or unwanted disclosure of transformed content to the external provider.

VirusTotal

66/66 vendors flagged this skill as clean.