Huo15 Img Test

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about its image-prompt features, but its “safety” mode intentionally rewrites sensitive prompts to improve acceptance by image platforms.

Install only if you specifically want this prompt-engineering workflow and are comfortable reviewing rewritten prompts yourself. Treat the safety rewrite as a sensitive feature, not a guarantee of compliance; avoid using it to bypass platform rules. Only set API keys for providers you intend to use, keep endpoint override variables pointed at trusted services, and do not send confidential prompts or images to cloud backends unless you accept those providers’ terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • System Prompt Leakage: Direct Leakage, Indirect Extraction, Tool-Based Exfiltration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Missing User Warnings

Medium (88% confidence)
Finding
The changelog states that `--polish` sends user prompt content to the Claude API using `ANTHROPIC_API_KEY`, but it does not clearly warn that user-supplied text will be transmitted to a third-party service. In a prompt-processing skill, users may reasonably assume local transformation unless remote disclosure is made explicit, creating privacy and compliance risk for sensitive prompts or proprietary content.

Missing User Warnings

Medium (80% confidence)
Finding
The changelog advertises direct rendering via HTTP backends such as ComfyUI, SD-WebUI, and DALL-E, but does not clearly warn that prompts and possibly related metadata will be sent over local or external network interfaces. This can expose sensitive user inputs to remote services, misconfigured local services, logs, or other systems, especially when using URL overrides or cloud-backed endpoints.

Vague Triggers

Medium (95% confidence)
Finding
The trigger list and aliases are extremely broad, including generic phrases like '提示词' (prompt), '生成图片' (generate image), '文生图' (text-to-image), and '智能润色' (smart polish), which can cause the skill to activate in many unrelated conversations. Over-broad invocation increases the chance that user content is routed into file/network-capable scripts unexpectedly, especially given the documented remote backends and API integrations.

Vague Triggers

Medium (92% confidence)
Finding
The example says the agent should auto-trigger on a generic concept like '赛博朋克' (cyberpunk), which is ambiguous and likely to appear in normal discussion rather than as an intentional tool invocation. This broad activation path is risky because it can lead to unintended processing or transmission of user input through scripts that support remote services.

Missing User Warnings

Medium (94% confidence)
Finding
The README instructs users to export an Anthropic API key and describes Claude API-based prompt polishing, but it does not prominently warn that user prompts and possibly related content will be sent to Anthropic. Lack of clear disclosure undermines informed consent and can expose sensitive creative prompts, proprietary material, or personal data to a third-party service.

Missing User Warnings

Medium (95% confidence)
Finding
The documentation describes remote HTTP backends such as SD-WebUI, ComfyUI, DALL-E, URL-based reverse prompting, and other networked render flows without a clear warning that prompts, images, and embedded metadata may be uploaded to external or remote systems. This is dangerous because image metadata can contain sensitive provenance data, and users may not realize local files or URLs are being transmitted beyond their environment.
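The Vague Triggers and Missing User Warnings findings above describe two checks that can be automated against a skill manifest: flagging trigger phrases that are generic enough to fire in ordinary conversation, and flagging credential-bearing environment variables or non-loopback endpoints that the docs never disclose as a transmission of user data. The script below is an added illustration written for this page, not SkillSpector's scanner and not the skill's own code. The manifest dictionary, the field names (`triggers`, `env`, `endpoints`, `docs`), the disclosure keywords, and the "one or two tokens without a skill-specific prefix" heuristic are all constructed assumptions for the example.

```python
"""Static audit of a skill manifest for over-broad triggers and undisclosed data transmission.

Added example for this page; the manifest shape and heuristics are assumptions,
not the format used by the skill or by SkillSpector.
"""
import re
from urllib.parse import urlparse

# Constructed sample manifest modelled on the report's findings (not the skill's real files).
SAMPLE_SKILL = {
    "name": "huo15",
    "triggers": ["提示词", "生成图片", "赛博朋克", "huo15 polish", "/huo15 render"],
    "env": ["ANTHROPIC_API_KEY", "SD_WEBUI_URL", "OUTPUT_DIR"],
    "endpoints": [
        "http://127.0.0.1:7860/sdapi/v1/txt2img",
        "https://api.anthropic.com/v1/messages",
        "${SD_WEBUI_URL}/sdapi/v1/txt2img",
    ],
    "docs": "Export ANTHROPIC_API_KEY and run --polish to refine your prompt. "
            "Set SD_WEBUI_URL to render directly.",
}

SECRET_ENV = re.compile(r"(API_KEY|TOKEN|SECRET|PASSWORD)$", re.I)
# Assumed phrasing that counts as a disclosure of remote transmission.
DISCLOSURE = re.compile(r"\b(sent to|transmitted to|uploaded to|shared with)\b", re.I)
OVERRIDE = re.compile(r"\$\{?([A-Z_][A-Z0-9_]*)\}?")
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def broad_triggers(skill):
    """Return triggers that lack a skill-specific prefix and are at most two tokens.

    A bare genre or task word (e.g. 'cyberpunk', 'prompt') appears in normal chat,
    so the skill can activate and route user text into its scripts unintentionally.
    Triggers containing the skill name or starting with '/' are treated as deliberate.
    """
    name = skill["name"].lower()
    flagged = []
    for trigger in skill["triggers"]:
        if name in trigger.lower() or trigger.startswith("/"):
            continue
        if len(trigger.split()) <= 2:
            flagged.append(trigger)
    return flagged


def remote_endpoints(skill):
    """Split endpoints into (non-loopback literal hosts, override variable names)."""
    remote, overridable = [], []
    for endpoint in skill["endpoints"]:
        match = OVERRIDE.search(endpoint)
        if match:
            # Value comes from the environment, so it can point anywhere at run time.
            overridable.append(match.group(1))
            continue
        host = urlparse(endpoint).hostname or ""
        if host not in LOOPBACK:
            remote.append(host)
    return remote, overridable


def undisclosed_transmission(skill):
    """Missing User Warnings pattern: secrets or remote endpoints with no disclosure in docs."""
    if DISCLOSURE.search(skill["docs"]):
        return []
    issues = []
    remote, overridable = remote_endpoints(skill)
    for var in skill["env"]:
        if SECRET_ENV.search(var):
            issues.append(f"credential {var} is required but docs never say where data goes")
    for host in remote:
        issues.append(f"prompts are sent to {host} without disclosure")
    for var in overridable:
        issues.append(f"endpoint override {var} can redirect traffic off-host without disclosure")
    return issues


def audit(skill):
    """Run both checks and return a dict of findings."""
    return {
        "broad_triggers": broad_triggers(skill),
        "undisclosed_transmission": undisclosed_transmission(skill),
    }


if __name__ == "__main__":
    for check, result in audit(SAMPLE_SKILL).items():
        print(check, result)
```

On the constructed manifest the trigger check flags the three bare phrases and keeps the two namespaced ones, and the transmission check reports the API key, the Anthropic host, and the `SD_WEBUI_URL` override. Adding a sentence such as "Your prompt text is sent to api.anthropic.com when --polish is used" to the docs clears the second check, which is exactly the remediation the finding asks for.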

Ssd 1

Medium (89% confidence)
Finding
The system prompt explicitly tells the model not to refuse and to rewrite borderline content into acceptable artistic phrasing, which weakens the model's safety posture. In a prompt-polishing tool, this can help users transform disallowed or risky requests into forms more likely to evade downstream platform moderation, especially for sexual or violent edge-case content.

Ssd 2

High (97% confidence)
Finding
The tool is explicitly designed to rewrite prompts so they are less likely to be flagged by image-platform safety systems, i.e. to improve passage through moderation while preserving sensitive underlying intent. Even though it refuses some hard-block categories, it still operationalizes policy-evasion for violence, nudity, horror, weapon references, real-person references, and brand terms, which can help users circumvent downstream safeguards.

Ssd 2

High (99% confidence)
Finding
The substitution dictionary contains many euphemistic replacements for moderation-sensitive terms such as blood, kill, weapon, naked, sexy, corpse, celebrity, and firearm models. This is dangerous because it provides a reusable mechanism for laundering unsafe or restricted prompts into semantically similar wording that may evade heuristic filters on third-party generation systems.

Ssd 4

Medium (95% confidence)
Finding
The documented workflow implements a structured bypass pipeline: detect hard red lines, identify borderline terms, then rewrite them according to platform strictness. In context, this makes the skill more dangerous because it is tailored to different providers’ moderation profiles, increasing the likelihood that restricted content can be rephrased to slip through specific platform defenses.

VirusTotal

0 of 66 VirusTotal vendors flagged this skill; all 66 reported it as clean. Note that antivirus engines look for known malicious code and signatures, not for the disclosure gaps, over-broad triggers, or moderation-evasion behaviour listed in the findings above, so a clean result here does not address those issues.