Seedream 5.0 — AI Image Generation & Editing by ByteDance

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed paid Atlas Cloud image-generation helper that sends user-provided prompts and selected images to the service, with no hidden persistence or destructive behavior found.

Install only if you are comfortable sending prompts, image URLs, and deliberately uploaded local images to Atlas Cloud and paying per generated image. Avoid sensitive images or confidential prompts, monitor Atlas Cloud usage, and confirm the selected model and batch size before running larger jobs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill requires an API key and clearly performs outbound network requests, but it does not declare corresponding permissions. That creates a transparency and governance gap: users or hosting platforms may authorize the skill without understanding that it can access environment secrets and transmit prompts or image references to a third-party service.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 95%
Finding: The documented purpose narrows the skill to ByteDance Seedream image generation, but the behavior reportedly supports broader Atlas Cloud model enumeration, arbitrary model selection, and local file upload. This mismatch is security-relevant because users may consent to a limited image-generation workflow while the implementation can route data to other models or upload local content in ways not clearly disclosed.

Vague Triggers

Medium
Confidence: 84%
Finding: The trigger text is extremely broad, covering nearly any request related to visuals, graphics, illustrations, or AI art. Over-broad invocation increases the chance the skill activates in contexts where users did not intend third-party image generation or external data transfer, which can lead to unnecessary disclosure of prompts, images, or paid API usage.

VirusTotal

66/66 vendors flagged this skill as clean.
