ClawHub
Back to skill

Security audit

Tensorslab Video

Security checks across malware telemetry and agentic risk

Overview

This is a coherent TensorsLab video-generation helper that uses an API key, sends chosen prompts/images to TensorsLab, and saves generated videos locally as disclosed.

Install only if you are comfortable using a TensorsLab account key, potentially spending account credits, sending your prompts and selected source images to TensorsLab, and saving generated videos on disk. Prefer the environment variable over passing the API key on the command line, and review the script's session-level proxy setting if your network requires a proxy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill clearly relies on environment variables, shell commands, network access, and local file output, but it does not declare corresponding permissions. This can undermine platform trust and user consent because the runtime capabilities exceed what metadata communicates, especially for a skill that downloads generated media and writes it to disk.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The skill description says videos are saved locally, but it does not clearly warn users before a write occurs or emphasize that generated files will be persisted on disk. While not an exploit by itself, silent or unexpected disk writes can surprise users, create privacy issues, or fill storage when processing large media outputs.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.