ReelClaw

Security checks across malware telemetry and agentic risk

Overview

ReelClaw matches its video-production purpose, but it needs review because it can spend credits, upload unpublished media to third parties, and publish or delete real social posts without strong approval boundaries.

Install only if you are comfortable granting a single workflow access to DanSUGC credits, analytics, connected TikTok/Instagram accounts, Gemini video processing, and temporary public file hosting. Use limited or test accounts where possible, confirm each purchase/upload/post/delete action manually, avoid sensitive recordings, and do not run the sudo/package-install preflight steps automatically. Static scan was clean and VirusTotal was pending, but the Review verdict is based on the artifact’s own disclosed high-impact behaviors and missing guardrails.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (18)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The mandatory preflight step modifies the host by installing ffmpeg and downloading/installing fonts into user or system font directories. That exceeds simple validation and creates unnecessary system-wide side effects for a content-production skill, including privileged package installation via apt and persistence on the machine.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The publishing workflow uploads finished videos to tmpfiles.org to obtain a public URL, disclosing user media to an unrelated third party outside the declared core services. This can leak unpublished marketing assets or sensitive content and creates retention, access-control, and compliance risk with no strong user warning or consent gate.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The documentation includes a ready-to-run command that uploads finished videos to tmpfiles.org, which is an unnecessary third-party public hosting step for a reel production/publishing workflow. This creates a data exfiltration and unintended public disclosure risk for media assets, especially if videos contain unreleased content, customer material, or embedded metadata.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The documentation exposes a raw proxy that can forward requests to arbitrary ScrapCreators endpoints, expanding capability well beyond the narrowly described reel workflow. In an agent setting, this materially increases the chance of unauthorized data retrieval, third-party data transmission, or use of undocumented actions without user understanding or scope controls.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README explicitly advertises actions that send data to third-party services, purchase content, publish to social media accounts, and track analytics, but it does not provide clear warnings about external transmission, costs, or account-impacting side effects. In an agent-skill context, this is dangerous because an autonomous or semi-autonomous agent may execute these operations with real credentials, causing unintended purchases, posting, or disclosure of business/media data.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs the operator to upload completed reels to tmpfiles.org without prominently warning that the video becomes accessible through an external public host. In this context, the omission materially increases privacy and confidentiality risk because users may assume the workflow stays within DanSUGC/Gemini and local tooling.

Missing User Warnings

High
Confidence
98% confidence
Finding
The instructions tell users to upload video files to tmpfiles.org and then print a 'Public URL' without any disclosure that this sends the asset to an external public file-hosting provider. In the context of a skill that handles production and publishing of reels at scale, this increases the likelihood of accidental leakage of proprietary or personal media and normalizes unsafe data handling.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The setup command places the API key directly in a shell command line, which can leak through shell history, process inspection, terminal logs, screen recordings, or copied transcripts. While common in docs, omitting any handling warning is unsafe for a skill that expects users to paste live credentials into an agent tool configuration.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The guide enables creation, scheduling, updating, and deletion of live social-media posts without prominently warning that these actions affect real connected accounts. In an agent environment, that raises the risk of accidental publication, account misuse, or destructive changes when users may assume they are operating in a sandbox.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The raw proxy is documented without warning that arbitrary requests and parameters are forwarded to a third-party analytics service, which may include user data, URLs, or account-related information. This is especially risky in an agent skill because users may not realize that prompts or artifacts could be transmitted outside the primary platform.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The Gemini instructions direct users to upload local video files to Google's API but provide no privacy, retention, or cross-border data transfer warning. For demo recordings, this may expose proprietary UI, customer data, or internal workflows to an external AI provider without informed consent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly instructs the user to upload local video files to Gemini for scoring, but it does not provide any warning about external transmission, third-party retention, or the possibility that reels may contain sensitive content. This is a real privacy/security issue because users may unknowingly send proprietary or personal media off-device.

External Transmission

Medium
Category
Data Exfiltration
Content
**Direct video upload for analysis:**
```bash
# Step 1: Upload video file
FILE_URI=$(curl -s -X POST \
  "https://generativelanguage.googleapis.com/upload/v1beta/files?key=$GEMINI_API_KEY" \
  -H "X-Goog-Upload-Command: start, upload, finalize" \
  -H "X-Goog-Upload-Header-Content-Type: video/mp4" \
```
Confidence
90% confidence
Finding
curl -s -X POST \ "https://generativelanguage.googleapis.com/upload/v1beta/files?key=$GEMINI_API_KEY" \ -H "X-Goog-Upload-Command: start, upload, finalize" \ -H "X-Goog-Upload-Header-Content-Typ

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
--data-binary @"DEMO.mp4" | python3 -c "import sys,json; print(json.load(sys.stdin)['file']['uri'])")

# Step 2: Analyze
curl -s "https://generativelanguage.googleapis.com/v1beta/models/gemini-3.1-flash-lite-preview:generateContent?key=$GEMINI_API_KEY" \
  -H "Content-Type: application/json" \
  -d "{
    \"contents\": [{
```
Confidence
87% confidence
Finding
curl -s "https://generativelanguage.googleapis.com/v1beta/models/gemini-3.1-flash-lite-preview:generateContent?key=$GEMINI_API_KEY" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# 1. Upload video to Gemini File API
FILE_URI=$(curl -s -X POST \
  "https://generativelanguage.googleapis.com/upload/v1beta/files?key=$GEMINI_API_KEY" \
  -H "X-Goog-Upload-Command: start, upload, finalize" \
  -H "X-Goog-Upload-Header-Content-Type: video/mp4" \
```
Confidence
97% confidence
Finding
curl -s -X POST \ "https://generativelanguage.googleapis.com/upload/v1beta/files?key=$GEMINI_API_KEY" \ -H "X-Goog-Upload-Command: start, upload, finalize" \ -H "X-Goog-Upload-Header-Content-Typ

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
5. Restart Claude Code after adding

**Available MCP Tools:**
- `mcp__dansugc__search_videos` — Search by emotion, keyword, or semantic description
- `mcp__dansugc__get_video` — Get details for a specific video by ID
- `mcp__dansugc__purchase_videos` — Purchase videos (deducts credits, returns download URLs)
Confidence
84% confidence
Finding
Tools:*

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
**No extra setup needed** — posting tools are included in the same DanSUGC MCP server you already have.

**Available MCP Tools:**
- `mcp__dansugc__check_posting_subscription` — Verify posting plan is active
- `mcp__dansugc__list_posting_accounts` — List connected TikTok/Instagram accounts with IDs
- `mcp__dansugc__create_post` — Create, schedule, or publish immediately
Confidence
90% confidence
Finding
Tools:*

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
**Pricing:** $0.02 per request, deducted from your DanSUGC balance.

**Available MCP Tools:**
- `mcp__dansugc__tiktok_search_videos` — Search TikTok videos by keyword
- `mcp__dansugc__tiktok_user_videos` — Get a TikTok user's videos
- `mcp__dansugc__tiktok_search_users` — Search for TikTok users
Confidence
89% confidence
Finding
Tools:*

VirusTotal

66/66 vendors flagged this skill as clean.
