VN Skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real local VN media-processing skill, but it needs review because it can silently install and run a downloaded helper tool on the user’s Mac.

Install only if you are comfortable with this skill downloading and persisting a native helper executable for VN Video Editor. Prefer reviewing the helper source/release provenance, confirming the checksum from a trusted source, and approving any CLI or model download before it runs. Treat previews sent through chat platforms as uploads of derived media, even though the main editing work is described as local.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands

Findings (5)

Description-Behavior Mismatch

Medium (95% confidence)

Finding:
The skill advertises that processing is fully local with no cloud upload, yet it instructs the agent to download executables/models and perform runtime platform lookups. Even if media processing itself stays local, these undisclosed network actions violate the stated trust boundary and can surprise users in security-sensitive environments.

Context-Inappropriate Capability

Medium (91% confidence)

Finding:
The preview-delivery section expands the skill from local media processing into transmitting derived media over remote channels and making platform-specific upload decisions. That materially changes the data-handling model by creating an exfiltration path for user content beyond the local machine.

Description-Behavior Mismatch

Medium (91% confidence)

Finding:
The skill metadata promises that all processing runs locally on-device with no cloud upload, but the reference explicitly states some captioning engines may download Whisper models on first use. Even if media stays local, undeclared network access changes the trust boundary, can violate user expectations in restricted environments, and may create privacy, compliance, or supply-chain risk.

Missing User Warnings

Medium (98% confidence)

Finding:
The skill directs the agent to silently install or update an external CLI executable without informing the user. Silent executable deployment with persistence in the user's home directory is dangerous because it bypasses informed consent and increases supply-chain and post-compromise persistence risk.

Missing User Warnings

High (99% confidence)

Finding:
These instructions download a zip from the internet, extract it, mark a binary executable, alter quarantine metadata, and persist it under ~/.openclaw/tools. This is a classic high-risk supply-chain pattern because a compromised release, dependency, or distribution channel could lead to arbitrary code execution on the host.

VirusTotal

66/66 vendors flagged this skill as clean.
