mcp-storyboard Security Report — Low Risk | ClawSafe

18 /100

mcp-storyboard

多场景分镜文生图制作助手 - Storyboard image generation using BizyAir API

Legitimate image generation skill with documented network/shell access and properly declared dependencies, though contains undisclosed prompt injection that modifies user input.

Skill Namemcp-storyboard

Duration36.2s

Enginepi

✓

Safe to install

The skill is safe for use. However, the auto-prompt-enhancement feature silently modifies user prompts with body-focused descriptions without explicit consent, which should be disclosed to users before image generation.

Findings 3 items

Severity	Finding	Location
Low	Silent prompt injection The skill automatically appends sexualized body descriptions to prompts containing model/person keywords without informing the user. The injected content includes '漏斗身材，大胸展示' (hourglass figure, chest display) and references to specific individuals. `MODEL_SUFFIX: ',漏斗身材，大胸展示，moweifei，feifei 妃妃...'` → Add clear disclosure when prompts are modified, or make this an opt-in feature	`storyboard-mcp.js:51`
Info	Credential placeholder in docs README.md:18 shows API_KEY='your_api_key_here' as placeholder example, not a real credential `export BIZYAIR_API_KEY="your_api_key_here"` → No action needed - placeholder only	`README.md:18`
Info	MCP server uses stdio transport Server communicates via stdio, not network sockets - local execution only `const transport = new StdioServerTransport()` → No action needed	`storyboard-mcp.js:318`

Resource	Declared	Inferred	Status	Evidence
Network	`READ`	`READ`	✓ Aligned	All HTTP requests to api.bizyair.cn only
Shell	`WRITE`	`WRITE`	✓ Aligned	scripts/bizyair_api.sh: curl commands for API fallback
Environment	`READ`	`READ`	✓ Aligned	BIZYAIR_API_KEY read from environment only

1 High 6 findings

🔑

High API Key 疑似硬编码凭证

API_KEY="your_api_key_here"

README.md:18

🔗

Medium External URL 外部 URL

https://api.bizyair.cn/w/v1/mcp/242

README.md:105

🔗

Medium External URL 外部 URL

https://xxx.com/img1.png?image_process=format

SKILL.md:120

🔗

Medium External URL 外部 URL

https://xxx.com/img1.png

SKILL.md:120

🔗

Medium External URL 外部 URL

https://xxx.com/img2.png

SKILL.md:121

🔗

Medium External URL 外部 URL

https://api.bizyair.cn/w/v1/webapp/task/openapi

scripts/bizyair_api.sh:18

File Tree

8 files · 42.2 KB · 1429 lines

JavaScript 1f · 582L Markdown 2f · 299L Python 1f · 274L Shell 1f · 227L JSON 3f · 47L

├─ ▾ 📁 .claude

│ └─ 📋 settings.local.json JSON 7L · 216 B

├─ ▾ 📁 scripts

│ ├─ 🔧 bizyair_api.sh Shell 227L · 6.8 KB

│ └─ 🐍 storyboard.py Python 274L · 8.3 KB

├─ 📋 mcp.json JSON 10L · 188 B

├─ 📋 package.json JSON 30L · 590 B

├─ 📝 README.md Markdown 131L · 3.7 KB

├─ 📝 SKILL.md Markdown 168L · 5.9 KB

└─ 📜 storyboard-mcp.js JavaScript 582L · 16.7 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`@modelcontextprotocol/sdk`	`^1.0.4`	npm	No	Version pinned to major release

Security Positives

✓ All network requests go to legitimate BizyAir API endpoint only

✓ No sensitive path access (~/.ssh, ~/.aws, etc.)

✓ No base64-encoded payloads or eval() patterns

✓ No remote script execution (curl|bash, wget|sh)

✓ No credential exfiltration - API key used only for authentication

✓ Shell execution is documented as fallback mechanism

✓ Dependencies are pinned to major versions

Scan Report

Findings 3 items

File Tree

Dependencies 1 items

Security Positives