ClawHub

tokenrouter-image-generator

Security checks across malware telemetry and agentic risk

Overview

This is a transparent TokenRouter image-generation helper, but users should protect API keys and avoid sending private images unless they trust TokenRouter.

Install only if you intend to use TokenRouter for image generation or editing. Prefer setting PBD_TOKENROUTER_API_KEY through a local environment variable or secret manager instead of pasting keys into chat, and avoid sensitive prompts or private images unless you are comfortable sending them to TokenRouter.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The script falls back to reading an API key from ~/.openclaw/openclaw.json, which is outside the declared inputs for this skill. That causes the skill to harvest credentials from unrelated local agent configuration and then use them for an outbound request, violating least-privilege expectations and potentially exfiltrating a different provider secret without explicit user consent.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation explicitly tells users they can paste a TokenRouter API key directly into chat for the agent to pass through. Credentials entered into chat may be retained in logs, transcripts, analytics systems, or exposed to other tools in the agent workflow, turning a normal setup step into a secret-handling risk.

Ssd 3

Medium
Confidence
98% confidence
Finding
This line directly encourages secret disclosure to the agent by suggesting the user paste the API key into the conversation. In agent environments, chat content is often broadly accessible to logging, storage, debugging, and downstream tooling, so this creates an avoidable credential exposure path.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal