Image Extraction and Conversion Service

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This image skill is not clearly dangerous, but it sends user-provided image inputs to a third-party API and stores an API key locally with inconsistent documentation.

Review before installing. Only use this skill with images and URLs you are comfortable sending to xiaobenyang.com, and avoid sensitive screenshots, documents, or private photos unless you trust that service. Treat the API key as a stored local secret in .env and rotate it if the package or workspace is shared.

SkillSpector (9)

By NVIDIA

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill exposes capabilities to read/write local files, access environment variables, and make network requests, but does not declare those permissions to the user. This undermines informed consent and makes it easier for sensitive data such as local images or API keys to be accessed or exfiltrated without clear visibility.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The documented purpose suggests local image extraction/conversion, but the skill behavior includes remote API calls, API key persistence, and additional input modes not clearly disclosed. This mismatch can mislead users into providing local files or credentials under false assumptions, increasing the risk of unexpected data transfer to an external service.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The skill documentation mixes image-processing claims with unrelated school-search workflow examples, which is a strong sign of copied or inconsistent instructions. Such inconsistencies can cause the agent to invoke unintended tools or mishandle user data, reducing trustworthiness and making security review harder.

Intent-Code Divergence

Medium
Confidence
86% confidence
Finding
References to a gaokao skill and a search_schools function contradict the stated image-analysis purpose, indicating documentation drift or reused scaffolding. In agent systems, these contradictions can lead to unsafe or unintended tool routing and make users misunderstand what data is being processed.

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
This module persists an API key locally and configures access to a remote service, which is materially broader than the declared image-extraction/base64 conversion purpose. Capability mismatch is dangerous because it enables hidden credential handling and outbound service integration that users would not reasonably expect from the stated skill scope.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
The code can write API credentials into a local .env file, creating durable secret storage that is not necessary for simple image extraction or base64 conversion. Persisting secrets increases the blast radius of compromise because the key may be exposed through backups, source packaging, local file disclosure, or reuse by other processes.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill does not warn users that local file contents, remote URL-fetched images, or base64 image data may be transmitted to an external API for analysis. This is dangerous because users may unknowingly send sensitive screenshots, documents, or other private images off-device, creating confidentiality and compliance risks.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This code transmits an API key in headers and forwards arbitrary request parameters to an upstream service without any visible consent, disclosure, or parameter restrictions in this file. In a skill advertised for local file/URL image extraction, this increases the risk of unexpected data exfiltration to a remote endpoint, especially if params may contain sensitive local content or URLs.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The API key is written to .env without any visible user-facing warning, confirmation, or disclosure. Silent persistence of credentials is risky because users may assume the secret is used only in-memory, while the implementation leaves a recoverable artifact on disk.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.
