AI Short-Video Script Generator

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent AI video-script generator, but it embeds live-looking service keys and can trigger paid billing through broad automatic request handling rather than only an explicit generation action.

Install only after reviewing the billing behavior and accepting third-party AI processing. The publisher should rotate/remove embedded keys, require explicit confirmation before charging, document where script history is stored and retained, and disable debug/public binding for normal use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill documentation indicates network-capable behavior and third-party service use, but no permissions are declared. That creates a transparency and consent problem: users and hosting platforms cannot accurately assess what external communications will occur or what data may leave the environment. In a paid script-generation skill, hidden network use is especially risky because prompts and usage metadata may be transmitted off-platform.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The documented purpose is script generation, but the behavior includes automatic billing on requests, external transmission of user content to AI services, and embedded third-party credentials. This mismatch undermines informed consent and can lead to unexpected charges and undisclosed data sharing, which is more dangerous in a tool that stores and manages user-created content. Charging automatically before handling any request other than the home and payment endpoints increases abuse potential if requests are triggered unintentionally or repeatedly.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The documentation exposes a live-looking payment API key in plaintext. Anyone with access to the file could reuse the credential to invoke payment APIs, incur charges, impersonate the skill, or probe the associated account and infrastructure. In a monetized skill, exposed billing credentials directly increase financial and operational risk.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The skill advertises saving, viewing, deleting, and exporting scripts but provides no warning about persistence, retention, or the consequences of deletion. Users may assume content is ephemeral when it is stored locally, creating privacy, data-loss, and expectation-management risks, especially if generated scripts contain business plans, marketing copy, or personal information.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The app automatically attempts to charge users in a `before_request` hook for most endpoints, without any visible in-file disclosure or explicit per-action confirmation. This creates a risk of unexpected billing and weak user consent, especially because merely accessing functionality can trigger a charge path.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
User-supplied topic and platform are sent to an external AI provider, but this file does not show any disclosure, consent, or data-minimization controls. If users include sensitive business, personal, or client data in prompts, that data is transmitted off-platform without clear notice.

VirusTotal

66/66 vendors flagged this skill as clean.