ClawHub

Arch Video Cut

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local video-editing skill, but it needs review because editable local preferences are inserted into shell commands and the documented learning opt-out is not enforced.

Install only if you are comfortable running a local media-processing Python script. Before use, inspect or recreate config/user_preferences.json yourself, do not import preference files from untrusted sources, confirm the hardcoded audio path and output filenames, and expect local preference/history data plus generated media files to be written under the skill directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
"""运行命令并打印进度"""
    if description:
        print(f"🎬 {description}...")
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    if result.returncode != 0:
        print(f"❌ 失败:{result.stderr}")
        return False
Confidence
97% confidence
Finding
result = subprocess.run(cmd, shell=True, capture_output=True, text=True)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
]
    
    # 获取音频时长
    result = subprocess.run(
        f'ffprobe -v error -show_entries format=duration -of default=noprint_wrappers=1:nokey=1 "{AUDIO_FILE}"',
        shell=True, capture_output=True, text=True
    )
Confidence
88% confidence
Finding
result = subprocess.run( f'ffprobe -v error -show_entries format=duration -of default=noprint_wrappers=1:nokey=1 "{AUDIO_FILE}"', shell=True, capture_output=True, text=True )

subprocess module call

Medium
Category
Dangerous Code Execution
Content
# 显示文件信息
    if OUTPUT_FILE.exists():
        size = OUTPUT_FILE.stat().st_size / 1024 / 1024
        result = subprocess.run(
            f'ffprobe -v error -show_entries format=duration -of default=noprint_wrappers=1:nokey=1 "{OUTPUT_FILE}"',
            shell=True, capture_output=True, text=True
        )
Confidence
84% confidence
Finding
result = subprocess.run( f'ffprobe -v error -show_entries format=duration -of default=noprint_wrappers=1:nokey=1 "{OUTPUT_FILE}"', shell=True, capture_output=True, text

Missing User Warnings

Low
Confidence
89% confidence
Finding
The README instructs users to run an automated workflow over local media files and identifies specific input/output paths, but it does not clearly warn that the process will read user-provided local files and create or overwrite generated outputs. This is primarily a transparency and safe-operation issue: users may unintentionally expose personal media or lose prior outputs if they do not understand the file handling behavior.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The guide advertises automatic learning and retention of user editing preferences and history, but the early description does not clearly warn that this data is persisted on disk and retained across runs. This can create an informed-consent and privacy issue because users may not realize their usage history and settings are being stored locally in a durable file.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The reset command is presented as a simple operation without a clear warning that it overwrites stored preferences and restores defaults. This can lead to accidental loss of user-customized settings and learning history if a user invokes the command without understanding its effect.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The skill clearly performs file-generating and file-modifying actions, including writing outputs under data/ and creating temporary edit artifacts, but the description does not prominently warn users about those side effects before execution. While this is not an exploit by itself, missing disclosure can lead users to run the workflow without understanding that existing files, storage contents, or temp directories may be altered or overwritten.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal