Huo15 Comic Character

Security checks across malware telemetry and agentic risk

Overview

The skill coherently generates character images from a user-provided script using a paid Seedream/Ark API, with no evidence of hidden execution, credential theft, destruction, or unrelated automatic behavior.

Install only if you intend to use Volcengine Ark/Seedream for paid image generation. Use a limited ARK_API_KEY with provider budget controls, review script.json before running because character details are transmitted to the provider, and choose an output directory inside a project you control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill description and embedded command clearly indicate capabilities to read local files (`script.json`), write output files (`characters/`, `manifest.json`), invoke Python code, likely consume environment-based configuration for model access, and call an external model service (`Seedream 4.0`). Having these capabilities without declaring permissions creates a transparency and policy-enforcement gap: a host may allow the skill to run without realizing it can access files and make network requests. In this context the behavior appears aligned with the skill’s stated purpose, so the issue is more about undeclared capability exposure than overtly malicious behavior.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
`_image_to_data_uri` reads any local file path provided by the caller, base64-encodes it, and upstream callers send the resulting data URI to a remote API. In this skill context, that creates a real data-exfiltration risk because a path intended as an image can silently transmit arbitrary local files if higher-level inputs are attacker-controlled or insufficiently validated.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The video submission API accepts reference audio/video inputs and forwards them to an external endpoint without any indication of consent, validation, or disclosure in this module. In a character-card image skill, such off-scope media transmission is more suspicious because users would not reasonably expect audio or unrelated media to be uploaded as part of the advertised function.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The code sends prompts derived from the input script's character data to an external image-generation service via `client.generate_image(prompt=prompt, size=size)` without any visible consent, disclosure, or filtering. Because `visual` and `personality` fields may contain sensitive or proprietary story details, this can leak user content to a third-party provider and create privacy, confidentiality, or IP exposure risks.

VirusTotal

65/65 vendors flagged this skill as clean.
