ClawHub

Video-Generator

Security checks across malware telemetry and agentic risk

Overview

This video-generation skill is mostly purpose-aligned, but it can send URLs to a third-party scraping service and make a local preview publicly reachable without clear user opt-in.

Review before installing. Use it only when you are comfortable with selected brand/product URLs being processed by Firecrawl and with a local Remotion preview potentially being exposed via a public Cloudflare URL. Avoid giving it internal, private, or confidential URLs, and confirm before running scraping, dependency installation, dev servers, or tunnels.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill's 'Use when' description is broad enough to match many ordinary video-related requests, which increases the chance the agent invokes it in contexts the user did not intend. Because this skill includes network scraping, dependency installation, and public URL exposure, over-broad triggering expands the attack surface and can lead to unexpected external actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The workflow instructs the agent to scrape brand data and expose a dev server through a Cloudflare tunnel, but the skill does not warn the user that it may collect external data or make a local service publicly reachable. This can create privacy, consent, and exposure risks, especially if triggered automatically or used in environments containing proprietary assets or code.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script sends a user-supplied URL and a bearer API credential to an external third-party service without validation, allowlisting, or any explicit warning/consent step. This can cause unintended data disclosure because arbitrary internal, sensitive, or private URLs may be submitted to the remote scraping service, which will then fetch and process them using the caller's API account.

External Transmission

Medium
Category
Data Exfiltration
Content
exit 1
fi

curl -s -X POST 'https://api.firecrawl.dev/v1/scrape' \
  -H 'Content-Type: application/json' \
  -H "Authorization: Bearer ${FIRECRAWL_API_KEY}" \
  -d "{\"url\":\"$URL\",\"formats\":[\"markdown\",\"extract\",\"screenshot\"]}"
Confidence
88% confidence
Finding
curl -s -X POST 'https://api.firecrawl.dev/v1/scrape' \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer ${FIRECRAWL_API_KEY}" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
exit 1
fi

curl -s -X POST 'https://api.firecrawl.dev/v1/scrape' \
  -H 'Content-Type: application/json' \
  -H "Authorization: Bearer ${FIRECRAWL_API_KEY}" \
  -d "{\"url\":\"$URL\",\"formats\":[\"markdown\",\"extract\",\"screenshot\"]}"
Confidence
88% confidence
Finding
https://api.firecrawl.dev/

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal