Beauty Image

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed AI image-generation skill that uses configured provider API keys and sends prompts to external image services as expected.

Install if you are comfortable sending image prompts and any business, branding, or personal design details to the configured Wanx or Seedream provider, and to DeepSeek when using --use-llm. Configure only the provider keys you intend to use, avoid putting secrets in prompts, and save returned images only when you trust the provider output URL.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tainted flow: 'image_url' from requests.post (line 238, network input) → requests.get (network output)

Medium
Category: Data Flow
Content
output_path.parent.mkdir(parents=True, exist_ok=True)

print("Downloading image...")
img_response = requests.get(image_url, timeout=30, verify=not args.no_verify_ssl)
img_response.raise_for_status()

# Save the image
Confidence: 96%
Finding
img_response = requests.get(image_url, timeout=30, verify=not args.no_verify_ssl)

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The skill reads credentials from `~/.openclaw/openclaw.json`, pulling secrets from another application's config without the user explicitly supplying them for this run. Cross-tool secret harvesting increases blast radius: a user invoking an image helper may unknowingly grant it access to stored credentials from unrelated local software.

Missing User Warnings

Medium
Confidence: 93%
Finding
The LLM path sends raw user input to a third-party DeepSeek API, and this file contains no visible consent, notice, or data-minimization guard before transmission. Because user prompts may contain personal, business, or sensitive content, this creates a privacy and compliance risk even if the feature is optional.

Missing User Warnings

Low
Confidence: 84%
Finding
The code accepts an API key and uses it to authorize requests to an external service, but the file shows no warning or guardrails around remote service use, key sourcing, or safe handling. This is primarily a configuration and operational security issue rather than direct secret leakage in this snippet, but it can still lead to misuse or unsafe deployment practices.

VirusTotal

66/66 vendors flagged this skill as clean.
