ClawHub

Ai Video From Bilibili

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it asks the agent to use a persistent knowledge-base capability with vague triggers and mixed-in unrelated learned content, so it should be reviewed before installation.

Install only if you are comfortable with a skill that may write AI-video-related content into a knowledge base through local OpenClaw capability code. Review or tighten the triggers, require confirmation before storing anything, and verify the referenced local capability code before using it with private or sensitive video notes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The documented capability says it saves an AI video generation summary to a knowledge base, but the skill body contains large amounts of unrelated merged notes, external references, and learned content. This mismatch can cause the agent to invoke the skill in contexts the user did not intend, and can lead to unintended storage or retrieval of noisy or irrelevant data in the knowledge base.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The top-level description presents a narrowly scoped knowledge-base write action, but the actual skill content operates more like an aggregated repository of AI-video-adjacent notes and external video references. In an agent environment, this kind of scope drift weakens operator understanding and can result in improper invocation, overcollection of content, or accidental persistence of unreviewed external material.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The listed trigger phrases are broad everyday language around AI video summaries and saving video knowledge, making accidental activation more likely. In a skill that appears to write to a knowledge base, ambiguous triggers increase the risk of unintended data entry, noisy automation, and user actions being interpreted as authorization to persist content.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The activation condition includes vague help-seeking language like users needing related help, which is too open-ended for a capability tied to stored knowledge or action execution. This can cause the agent to route benign discussion into an operational skill path, increasing the chance of unauthorized or unexpected persistence and cross-skill contamination.

Vague Triggers

Medium
Confidence
89% confidence
Finding
Using a single-word trigger like 'Topaz' is too generic and likely to collide with normal conversation, product discussion, or unrelated support requests. Although the immediate impact is lower than direct code execution, such collisions can still misroute the agent into an unintended skill flow and cause confusion or undesired actions.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal