Easy Image

Security checks across malware telemetry and agentic risk

Overview

This is a coherent image-generation helper, but users should understand that prompts, API keys, generated files, and saved prompt preferences may involve external services and local persistence.

Install only if you are comfortable using external image-generation and search providers. Use a dedicated API key, avoid confidential prompts or private image URLs when grounding/search is enabled, review the default provider/region, and periodically inspect or clear the local personal prompt library if it may contain sensitive project details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (37)

Description-Behavior Mismatch

Severity: Medium (90% confidence)
The architecture extends a nominal image-generation skill into automatic web-search grounding, which materially changes the data flow and trust boundary. User prompts and derived subjects may be sent to search providers and external services without an explicit consent step, increasing privacy exposure and creating capability creep beyond the stated purpose.

Context-Inappropriate Capability

Severity: Medium (88% confidence)
The design instructs the skill to read API keys from external per-platform config directories such as ~/.jiekou/config.json. Accessing unrelated credential stores broadens the skill's access to sensitive secrets and creates unnecessary secret-handling risk if the skill is compromised or behaves unexpectedly.

Description-Behavior Mismatch

Severity: Medium (94% confidence)
The document explicitly makes web-grounded search the default for most image-generation requests, expanding a local prompt-to-image workflow into routine external retrieval. This is dangerous because user prompts may contain sensitive business, product, campaign, or personal information that would be unnecessarily transmitted to external search providers without a clear necessity check.

Context-Inappropriate Capability

Severity: Medium (92% confidence)
The decision flow says broad categories like named entities, styles, characters, or unclear terms should default to web-grounded search, even when the request is ordinary creative generation. That creates unnecessary external data exposure and over-collection, especially in workplace contexts where prompts may reveal confidential marketing plans, unreleased products, or internal project details.

Context-Inappropriate Capability

Severity: Low (79% confidence)
The examples normalize web/image search for generic creative prompts like scenes or stylistic requests that do not inherently need factual grounding. While lower severity than the default policy itself, these examples reinforce unsafe operator behavior and make unnecessary external lookups more likely in practice.

Context-Inappropriate Capability

Severity: Medium (95% confidence)
The file includes a preset to generate marketing imagery for a vape device, which introduces support for promoting a regulated and potentially harmful consumer product. In a workplace-focused professional image assistant, this broadens the skill into a sensitive content area and may enable policy violations, unsafe promotional use, or reputational and compliance issues for enterprise deployments.

Missing User Warnings

Severity: Medium (93% confidence)
The README states that web search is enabled by default and will automatically search user-provided brands, characters, and style references, but it does not warn users that their inputs may be transmitted to external services. In a workplace-oriented skill, prompts may contain confidential campaign plans, unreleased product names, or other sensitive business context, so automatic outbound lookup increases privacy and data-leak risk.

Missing User Warnings

Severity: Medium (95% confidence)
The setup flow instructs users to provide an API key but gives no guidance on safe credential handling. This is dangerous because users may paste long-lived secrets into chat-style interfaces, logs, transcripts, or agent memory where they can be exposed, retained, or reused beyond the user's intent.

Missing User Warnings

Severity: Medium (91% confidence)
The skill advertises saving prompts to a local personal library and silently reusing them later, but does not clearly warn users that prompts persist on disk or may contain sensitive business information. Silent reuse can also surface prior confidential context into later generations, causing unintended disclosure across projects or users on shared systems.

Vague Triggers

Severity: Medium (88% confidence)
The config commands are defined as short natural-language phrases like "switch to Novita" and "save to desktop," which can plausibly appear in ordinary conversation and be interpreted as state-changing commands without strong confirmation. In this skill, those commands can alter provider selection, API credentials, or filesystem save behavior, so accidental triggering could cause unexpected external API use or downloads.

Missing User Warnings

Severity: Medium (94% confidence)
The skill states that generated images are auto-downloaded to a configured local path and even describes this as blanket download authorization, but it does not present a clear upfront warning in the user-facing description. That creates a risk of unexpected writes to the local filesystem, which is more concerning because saving occurs automatically and in the background.

Missing User Warnings

Severity: High (97% confidence)
The skill says it will call external image-generation APIs and enables web grounding for named entities, but it does not clearly warn users that their prompts and possibly sensitive content may be transmitted to third-party services and external web sources. In a workplace-oriented image tool, prompts may contain confidential marketing plans, product details, internal brand assets, or customer information, making the omission materially risky.

Natural-Language Policy Violations

Severity: Medium (94% confidence)
The schema sets the default platform to "jiekou", which is explicitly labeled as a CN-region provider, causing requests to flow to that provider unless the user actively changes it. This creates an implicit data-routing and privacy risk because user prompts, business content, or image-generation inputs may be sent to a jurisdiction-specific service without clear user opt-in, which is especially relevant for a workplace-focused skill handling potentially sensitive corporate material.

Missing User Warnings

Severity: Medium (84% confidence)
The architecture specifies silent reuse of entries from the user's personal prompt library based on similarity, without notice or confirmation. This can unexpectedly inject prior private or sensitive prompt content into new requests and external API calls, violating user expectations and potentially disclosing confidential context.

Missing User Warnings

Severity: High (95% confidence)
The architecture documents automatic web search and transmission of prompt data to external APIs without a clear user-facing privacy warning or consent step. Because search may disclose brands, product plans, internal topics, or personal data embedded in prompts to third parties, this creates a meaningful privacy and confidentiality risk.

Missing User Warnings

Severity: Medium (96% confidence)
The examples explicitly ask users to paste full API keys into chat without any warning about secure handling, masking, or safer alternatives. This normalizes submitting secrets through conversational history, which may be logged, retained, or exposed to operators and integrations.

Missing User Warnings

Severity: Medium (90% confidence)
The skill describes saving outputs and style preferences to a personal library for future reuse, but gives no privacy notice about what is stored, how long it is retained, or whether user prompts and generated content may be reused automatically. This can lead users to unknowingly persist potentially sensitive business themes, creative direction, or personal preferences.

Missing User Warnings

Severity: Medium (92% confidence)
The example shows prompts being sent to external image-generation providers, but it does not clearly disclose that user input and derived prompts leave the local skill context and are transmitted to third parties. In a workplace-oriented skill, prompts may include confidential campaign, product, or internal presentation information.

Vague Triggers

Severity: Medium (90% confidence)
A blanket instruction to default to web search for most cases is overly broad and underspecified, so implementers may send nearly all prompts externally. In a workplace image skill, that ambiguity increases privacy and compliance risk because normal business prompts can be interpreted as requiring search with no meaningful constraint.

Vague Triggers

Severity: Medium (93% confidence)
The trigger rule 'any named entity, character, brand, style, or unclear term' is so ambiguous that ordinary harmless prompts can match and be routed to search. This weak prompt policy can be exploited or simply misapplied, causing systematic unnecessary disclosure of user inputs to external services.

Missing User Warnings

Severity: High (97% confidence)
The guidance recommends web search by default but does not include any user-facing warning, consent flow, or privacy notice that prompt contents may be sent to external providers. In a professional workplace assistant, this is especially dangerous because prompts may contain confidential company information, client data, or sensitive campaign details, creating significant privacy, contractual, and compliance exposure.

Missing User Warnings

Severity: Medium (94% confidence)
The documentation explicitly recommends storing a live API key in a plaintext config file under the user's home directory without any warning about credential sensitivity, filesystem permissions, or safer secret-storage alternatives. This increases the likelihood of credential leakage through backups, dotfile syncing, shared accounts, accidental commits, or local compromise, which could enable unauthorized API usage and billing abuse.

Missing User Warnings

Severity: Medium (91% confidence)
The examples enable Google web/image search and grounding by default, but do not warn that prompts and possibly user-supplied text or image-derived context may be sent to external Google services. In an image-generation workplace skill, users may submit confidential marketing, product, or internal business content, so silent external transmission creates a meaningful privacy and data-governance risk.

Missing User Warnings

Severity: Medium (94% confidence)
The documentation explicitly enables web/image search for prompt-driven image generation but does not warn that user prompts, derived search queries, and possibly related metadata will be sent to external services. In a workplace image-generation skill, users may include confidential product plans, campaign details, or internal brand information in prompts, creating an avoidable data disclosure risk.

Missing User Warnings

Severity: Medium (96% confidence)
The image-editing example combines external image processing with web search but omits any warning that the supplied `image_url`, prompt, and potentially image-derived content may be shared with external providers. In a professional workplace setting, edited images may contain internal documents, unreleased product visuals, or personal data, so undisclosed transmission materially increases privacy and confidentiality risk.

VirusTotal

VirusTotal findings are pending for this skill version.