Hidream Aigc

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed HiDream/Vivago image and video generation client, but users should protect their API token and only use trusted endpoints and input files.

Install only if you trust the HiDream/Vivago service and are comfortable sending prompts, task metadata, your API token, and any provided image or video files to the configured endpoint. Do not set HIDREAM_ENDPOINT or OPENCLAW_ENDPOINT to an untrusted host, use a dedicated or revocable API token where possible, and avoid passing private local files unless you intend to upload them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Tainted flow: 'endpoint' from os.getenv (line 70, credential/environment) → requests.post (network output)

Severity: Critical
Category: Data Flow
Content:
    endpoint = f"{ENDPOINT}{path}"
    headers = _headers(authorization)
    # print(payload)
    submit_resp = requests.post(endpoint, json=payload, headers=headers, timeout=30)
    if submit_resp.status_code != 200:
        raise RuntimeError(f"http error: {submit_resp.status_code} {submit_resp.text}")
    resp_json = submit_resp.json()
Confidence: 95%
Finding: submit_resp = requests.post(endpoint, json=payload, headers=headers, timeout=30)

Tainted flow: 'result_url' from os.getenv (line 87, credential/environment) → requests.get (network output)

Severity: Critical
Category: Data Flow
Content:
    result_url = endpoint + "/results"
    start = time.time()
    while True:
        query_resp = requests.get(
            result_url,
            params={"task_id": task_id},
            headers=headers,
Confidence: 94%
Finding: query_resp = requests.get(result_url, params={"task_id": task_id}, headers=headers, timeout=30)

Scope Creep

Severity: Medium
Confidence: 97%
Finding:
The code explicitly permits overriding the service endpoint through environment variables, which lets it contact destinations beyond the skill's stated `https://vivago.ai` boundary. In this skill, that is especially sensitive because the client also reads local image/video files and sends bearer credentials, making arbitrary egress materially dangerous.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content: requests>=2.25.0
Confidence: 97%
Finding: requests>=2.25.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

Severity: High
Category: Supply Chain
Confidence: 95%
Finding: requests

VirusTotal

65/65 vendors flagged this skill as clean.