短视频发布策略生成器 (Short Video Publishing Strategy Generator)

Security checks across malware telemetry and agentic risk

Overview

The skill has a coherent video-publishing purpose, but its cover-image workflow gives broad, under-disclosed authority to edit images in official-looking ways and send them to a configurable external API.

Review before installing. Use only with images and templates you own or are licensed to edit, confirm the exact API base URL and credential being used, avoid sensitive client material, and delete the response log after generation. Do not use the replication prompts to impersonate third-party official materials or remove ownership indicators.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (5)

MCP Least Privilege

Severity: Medium
Confidence: 91%
Finding: The skill documentation clearly instructs the agent to read local files (`prompt_template.txt`, `replication_prompt.txt`, `fusion_prompt.txt`) and to produce output files via a Python script, but no permissions are declared. This creates a capability/permission mismatch that can bypass expected user or platform review controls and makes the skill more dangerous because it handles arbitrary local paths and file outputs during image generation.

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding: The prompt explicitly instructs removal of existing text and replacement with new text while making the result look like an 'official, seamless modification.' That enables deceptive image editing rather than simple cover generation, and exceeds the stated business purpose of generating publishing assets from copy.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding: The prompt combines deceptive editing instructions with explicit watermark removal, which facilitates unauthorized alteration of branded or protected media. In the context of a video publishing skill, this is especially dangerous because it can be used to impersonate official materials and strip ownership indicators at scale.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The script sends the entire source image to an external model endpoint specified by `--base-url`, but it does not present any user-facing disclosure, consent flow, or restriction on what images may be uploaded. Because cover images can contain sensitive or proprietary content and the destination service is configurable, this creates a real data-exposure risk rather than a purely cosmetic issue.

Natural-Language Policy Violations

Severity: High
Confidence: 95%
Finding: The phrase directing an 'official' and seamless modification is a clear deceptive instruction aimed at making edits indistinguishable from authentic source material. That materially increases the risk of fraud, impersonation, and misleading promotional content, particularly for a tool intended to automate publishing workflows.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal