NewTest白木

Security checks across malware telemetry and agentic risk

Overview

The skill mostly fits its video-generation purpose, but it also exposes credential and destructive account operations without enough explicit user controls.

Install only if you trust the external narrator-ai-cli package and Narrator AI service. Use a limited API key, confirm uploads, deletions, batch jobs, and costs before execution, and do not allow the agent to run key-management commands unless you explicitly requested that account action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Severity: Medium
Confidence: 80%

Finding: The skill exposes account-management operations such as `user login`, `user keys`, and `user create-key`, which are not necessary for the core narration workflow and expand the blast radius from media generation into credential and key lifecycle management. In an agent setting, this can enable unnecessary access to account secrets or creation of additional API keys, increasing the risk of credential sprawl or misuse if invoked without strong user intent checks.

Vague Triggers

Severity: Medium
Confidence: 84%

Finding: The README encourages installation into general-purpose agents and says users can trigger the skill with a broad natural-language request like "create a movie narration video." Broad invocation phrasing can cause accidental activation on ordinary requests, especially in agents that auto-load markdown skills, leading to unintended API calls, content generation, or downstream file/task operations.

Missing User Warnings

Severity: Medium
Confidence: 81%

Finding: The README advertises file deletion capability as part of the skill surface without any warning, confirmation guidance, or scope limitation. In an agent setting, this increases the chance that a user or model triggers destructive operations on local or remote assets without understanding permanence or target scope.

Vague Triggers

Severity: Medium
Confidence: 94%

Finding: The README markets the skill with a very broad natural-language trigger like "帮我做一个电影解说" (roughly, "help me make a movie narration"), which overlaps with ordinary user requests and provides no activation boundaries. In agent ecosystems that auto-load or route by semantic similarity, this can cause unintended invocation of a skill that performs external actions such as API calls, media processing, and file generation.

Vague Triggers

Severity: Medium
Confidence: 91%

Finding: The example utterances are all imperative requests that suggest automatic execution, but the document does not state when the skill should decline, ask clarifying questions, or avoid activation. This increases the risk of accidental routing and unintended use of remote services, especially because the skill supports batch creation and downstream content generation.

Missing User Warnings

Severity: Medium
Confidence: 92%

Finding: The README states that the AI will automatically search films, generate scripts, synthesize videos, and return a download link, but it does not warn the user that this involves external services, uploading/processing content, and potentially billable operations. That omission can mislead users about where their data goes and what actions the agent will perform on their behalf.

VirusTotal

66/66 vendors flagged this skill as clean.