Video News Downloader

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent and user-directed, but it can create persistent cron jobs and network-accessible video servers that users should understand before running.

Install only if you want automated news downloads and local streaming. Before running the server, make sure ports 8093 and 8095 are not reachable from untrusted networks; before installing cron, confirm you want recurring daily downloads and know how to remove the jobs. Treat subtitle text as shareable with DeepSeek only if you manually submit the generated prompt.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 87%
Finding:
The skill advertises and documents shell execution, file reads/writes, server setup, and cron installation, yet no permissions are declared. This creates a transparency and consent problem: users or platforms may invoke a skill with broader side effects than expected, including persistent scheduled tasks and local file modification.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 94%
Finding:
The documented purpose understates several materially sensitive behaviors: editing system crontab, binding HTTP servers to 0.0.0.0, deleting or cleaning up media files, and only preparing proofreading artifacts instead of actually performing AI correction. This mismatch can mislead users into granting trust to a skill that creates persistence, network exposure, and destructive file operations beyond what they reasonably infer from the description.

Missing User Warnings

Medium
Confidence: 90%
Finding:
The documentation encourages serving downloaded videos over HTTP and lists reachable endpoints, but does not warn that the service may be network-accessible or discuss authentication, binding address, or access control. In context, this can unintentionally expose locally stored media and related files to other hosts on the network.

Missing User Warnings

Medium
Confidence: 89%
Finding:
The skill promotes cron-based automation without clearly warning users that scheduled jobs will persist and continue running after setup. Persistent tasks can repeatedly download content, modify files, consume bandwidth/storage, and maintain exposure long after the initial invocation.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The workflow explicitly describes always-running HTTP servers on fixed ports serving embedded players and direct MP4 links with CORS enabled, but gives no warning about network exposure or access restrictions. In context, this can unintentionally expose locally hosted media to other systems on the network and broaden cross-origin access, especially if the server binds beyond localhost.

Missing User Warnings

Medium
Confidence: 97%
Finding:
The script starts Python's HTTP server bound to 0.0.0.0, exposing the video directories on all network interfaces without authentication, access controls, or a prominent warning. In this skill's context, the server is intentionally used for local streaming, but binding broadly from /root-owned directories increases the chance of unintended LAN exposure or broader reach if the host is internet-accessible or port-forwarded.

VirusTotal

60/60 vendors flagged this skill as clean.
