ClawHub

Chanjing Avatar

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Chanjing API client that handles credentials and uploads user-selected media for lip-sync video generation.

Install only if you intend to use Chanjing Avatar. Store credentials.json in a protected local directory, do not commit it, keep the API base URL on the official Chanjing endpoint, and upload only media you are comfortable sending to Chanjing for processing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill metadata explicitly says permissions and policy should be defined in manifest.yaml, but this file advertises capabilities to read/write files, access environment variables, invoke shell commands, and make network requests without any declared permissions in the provided artifact. That creates a trust and review gap: an agent may execute sensitive operations without clear consent boundaries or enforceable least-privilege controls.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill instructs the agent to read app credentials and persisted tokens from disk and send them to a third-party API, but it does not give a clear warning about handling secrets, token invalidation, storage risks, or privacy implications. This can lead users or downstream agents to expose long-lived credentials or reuse them unsafely without informed consent.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation tells users to upload local audio/video and later fetch result URLs from an external service, but it does not prominently warn that user media and generated outputs are being transferred to and stored by a third party. For potentially sensitive recordings, this missing disclosure can cause unintended privacy, confidentiality, or compliance exposure.

Credential Access

High
Category
Privilege Escalation
Content
## Scripts

本 Skill 提供脚本(`skills/chanjing-avatar/scripts/`),与 **chanjing-credentials-guard** 使用同一配置文件(`~/.chanjing/credentials.json`)获取 Token。

| 脚本 | 说明 |
|------|------|
Confidence
91% confidence
Finding
credentials.json

Session Persistence

Medium
Category
Rogue Agent
Content
name: chanjing-avatar
description: >-
  Use Chanjing Avatar API for lip-syncing video generation (upload audio/video,
  create tasks, poll results).
credential: credentials.json (app_id/secret_key; access_token persisted on disk)
openclaw_primary_env: false
environment: CHANJING_OPENAPI_CREDENTIALS_DIR, CHANJING_OPENAPI_BASE_URL
Confidence
87% confidence
Finding
create tasks, poll results). credential: credentials.json (app_id/secret_key; access_token persisted on disk) openclaw_primary_env: false environment: CHANJING_OPENAPI_CREDENTIALS_DIR, CHANJING_OPENAP

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal