OpenStoryline Use

Security checks across malware telemetry and agentic risk

Overview

The core OpenStoryline editing workflow is coherent, but the skill also includes an under-scoped Feishu sender that can upload local files using stored OpenClaw credentials.

Install only if you need both OpenStoryline editing and Feishu delivery. Before any Feishu send, verify the exact file path and recipient, keep uploads limited to generated video outputs, use least-privilege credentials, avoid committing config.toml with API keys, keep services bound to 127.0.0.1, and stop local services when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 96%
Finding
The skill clearly instructs the agent to read local files and environment-backed config, start MCP/web services, and make network requests, yet it declares no permissions. This creates a transparency and governance gap: users and enforcement layers cannot accurately assess or constrain what the skill can access or transmit.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 98%
Finding
The manifest describes a local OpenStoryline usage workflow, but the body also includes Feishu-based file transmission and reading OpenClaw credential/config material from the user's home directory. That mismatch is dangerous because users may consent to local editing actions without realizing the skill can exfiltrate generated or arbitrary local files to an external messaging platform using existing tokens.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
Including Feishu file-sending in a skill whose stated purpose is running a local video-editing service expands the trust boundary from local processing to third-party transmission. That unjustified capability can be abused to send sensitive video outputs or other local files externally under the guise of completing the editing workflow.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
This script provides Feishu file upload and messaging capabilities, which are unrelated to the declared OpenStoryline local MCP/web-service and video-editing purpose. Capability mismatch is dangerous because it introduces covert data-transfer functionality into a skill where users would not reasonably expect local files and credentials to be used for external messaging.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The code accepts an arbitrary local file path, uploads the file contents to Feishu, and sends it to a chat/user identifier. In the context of an OpenStoryline editing skill, this is unjustified exfiltration capability that could leak sensitive local files, project assets, tokens, or source code to an external service.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The script reads Feishu/OpenClaw configuration, including app credentials and recipient identifiers, from a local config file and environment variables unrelated to the stated skill purpose. This expands the blast radius by enabling the skill to reuse preexisting local secrets and communication channels for external transmission without the user supplying them directly.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill instructs users to place API keys, access tokens, and service endpoints into configuration without clear warnings about secret handling, storage risk, or log exposure. In a workflow that also starts long-running services and uses shell commands, poor secret-handling guidance can easily lead to accidental credential leakage in config files, terminal history, screenshots, or logs.

Missing User Warnings

Medium
Confidence: 96%
Finding
The instructions to send the generated video via Feishu do not warn that user media will be transmitted to an external service and may become subject to that platform's retention, access controls, and account bindings. Without a privacy notice and explicit confirmation, users may unknowingly disclose sensitive video content outside the local environment they expected.

Missing User Warnings

Medium
Confidence: 97%
Finding
The main flow uploads and sends the selected file immediately once arguments are parsed, with no warning, dry-run display, or interactive confirmation. In a skill context that does not advertise external sharing, the lack of consent makes accidental or covert disclosure materially more dangerous.

VirusTotal

66/66 vendors flagged this skill as clean.
