AI Design Intelligent Drawing

Security checks across malware telemetry and agentic risk

Overview

This skill is a local image-design helper with broad triggers and dependency hardening gaps, but I did not find artifact-backed malicious behavior or hidden data access.

Install only if you are comfortable with a broad image/design skill handling the images you provide. Prefer using it on non-sensitive images, review outputs before saving or sharing, and pin or lock patched versions of Pillow, opencv-python, NumPy, and matplotlib before using it in a production or shared environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (16)

Vague Triggers

High
Confidence
94% confidence
Finding
The skill description states it should automatically trigger for essentially any image-design-related request, which is an overly broad activation policy. In an agent environment, this can cause unintended invocation on ordinary conversation, increase the chance of acting on the wrong task context, and route user data into powerful file/image-processing paths without sufficiently explicit user intent.

Vague Triggers

High
Confidence
96% confidence
Finding
The listed trigger words include very generic everyday terms like '设计' (design), '模板' (template), '排版' (layout), and '放大' (enlarge), with no contextual guardrails. This makes false-positive activation likely, which can lead the agent to invoke this skill in unrelated contexts, mishandle user intent, or process user-provided content inappropriately at scale.

Vague Triggers

High
Confidence
97% confidence
Finding
The top-level description says the skill should auto-trigger for essentially any image design, editing, layout, or color-related request, which is far broader than a narrowly scoped tool invocation rule. In an agent ecosystem, this can cause unintended activation on ordinary conversation, route user content into a high-capability file-processing skill without clear consent, and increase the chance of accidental edits, exports, or handling of sensitive images.

Vague Triggers

High
Confidence
98% confidence
Finding
The trigger list includes very generic terms such as 设计 (design), 绘图 (drawing), 配色 (color scheme), 模板 (template), 排版 (layout), and 放大 (enlarge), which commonly appear in benign discussion and not only in explicit requests to run the skill. Such broad keyword matching materially raises the risk of accidental invocation, misrouting, and unintended processing of user-provided images or assets.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill advertises batch processing, format conversion, compression, renaming, and export-oriented capabilities but does not warn users that these actions may modify, overwrite, duplicate, or generate derivative files. In a design/file-processing context, missing consent and safety messaging can lead to accidental data loss, unwanted transformations, or unintentional disclosure through exports.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
Asset-library import/export, metadata management, thumbnailing, and watermark operations inherently touch potentially sensitive images and embedded metadata, yet the skill description provides no privacy or handling warning. In practice this can expose personal, proprietary, or regulated visual content and metadata if users do not realize assets may be indexed, exported, or transformed.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill exposes destructive and data-moving asset operations such as delete and export without documenting any confirmation, authorization, or user-warning requirements. In an agentic context, this increases the risk of unintended deletion or bulk export of user assets if the action is triggered from ambiguous prompts or mishandled tool calls.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The export functionality describes generation of multiple output files and sizes but omits warnings or controls around overwriting existing files, uncontrolled file proliferation, or unintended disclosure through exported artifacts. In a design workflow skill, automated export actions can create data handling and integrity risks if the destination, naming, and confirmation model are not constrained.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger keywords are extremely broad and generic (such as 'AI' and '设计' (design)), making the skill likely to activate on many unrelated requests. In an agent ecosystem, overbroad invocation can cause unintended routing, unnecessary access to user prompts or files, and shadowing of more appropriate skills, increasing the chance of unsafe or privacy-impacting behavior.

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Install command: pip install -r requirements.txt

# Core image processing libraries
Pillow>=9.0.0
opencv-python>=4.5.0
numpy>=1.21.0
Confidence
91% confidence
Finding
Pillow>=9.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Core image processing libraries
Pillow>=9.0.0
opencv-python>=4.5.0
numpy>=1.21.0

# Data visualization and color processing
Confidence
91% confidence
Finding
opencv-python>=4.5.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Core image processing libraries
Pillow>=9.0.0
opencv-python>=4.5.0
numpy>=1.21.0

# Data visualization and color processing
matplotlib>=3.4.0
Confidence
91% confidence
Finding
numpy>=1.21.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
numpy>=1.21.0

# Data visualization and color processing
matplotlib>=3.4.0

# Optional: additional enhancements
# scipy>=1.7.0
Confidence
90% confidence
Finding
matplotlib>=3.4.0

Known Vulnerable Dependency: Pillow — 10 advisories: CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more

Critical
Category
Supply Chain
Confidence
82% confidence
Finding
Pillow

Known Vulnerable Dependency: opencv-python — 10 advisories: CVE-2017-12864 (Integer Overflow or Wraparound in OpenCV); CVE-2017-12598 (Out-of-bounds Read in OpenCV); CVE-2019-14493 (NULL Pointer Dereference in OpenCV) +7 more

High
Category
Supply Chain
Confidence
84% confidence
Finding
opencv-python

Known Vulnerable Dependency: numpy — 10 advisories: CVE-2014-1859 (NumPy arbitrary file write via symlink attack); CVE-2021-41495 (NumPy NULL Pointer Dereference); CVE-2021-33430 (NumPy Buffer Overflow (Disputed)) +7 more

Critical
Category
Supply Chain
Confidence
72% confidence
Finding
numpy

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal