ClawHub

外语视频→爆款切片→四平台发布一条龙

Security checks across malware telemetry and agentic risk

Overview

This is a coherent video automation skill, but it needs Review because it can use logged-in social accounts to publish multiple posts immediately without a confirmation or dry-run safeguard.

Install only if you are comfortable with the skill installing media/browser automation dependencies, sending cover prompts to Ofox when AI covers are used, and using logged-in social-platform sessions to post content. Before publishing, review publish.json, run only a single item with --idx, use draft mode where available, keep backups of media outputs, and do not run configs from untrusted sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def find_ffmpeg(cfg):
    for c in (cfg.get("ffmpeg"), "/usr/local/opt/ffmpeg-full/bin/ffmpeg",
              "/opt/homebrew/opt/ffmpeg-full/bin/ffmpeg", "ffmpeg"):
        if c and subprocess.run([c,"-version"],capture_output=True).returncode==0:
            return c
    sys.exit("找不到 ffmpeg")
Confidence
84% confidence
Finding
if c and subprocess.run([c,"-version"],capture_output=True).returncode==0:

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def find_ffmpeg(cfg):
    for c in (cfg.get("ffmpeg"), "/usr/local/opt/ffmpeg-full/bin/ffmpeg",
              "/opt/homebrew/opt/ffmpeg-full/bin/ffmpeg", "ffmpeg"):
        if c and subprocess.run([c,"-version"],capture_output=True).returncode==0:
            return c
    sys.exit("找不到 ffmpeg")
Confidence
85% confidence
Finding
if c and subprocess.run([c,"-version"],capture_output=True).returncode==0:

Tainted flow: 'out' from open (line 70, file read) → open (file write)

Medium
Category
Data Flow
Content
headers={"Authorization": f"Bearer {key()}", "Content-Type": "application/json"})
            d = json.loads(urllib.request.urlopen(req, timeout=300).read())["data"][0]
            data = base64.b64decode(d["b64_json"]) if d.get("b64_json") else urllib.request.urlopen(d["url"]).read()
            open(out, "wb").write(data); return True
        except Exception as e:
            print(f"    重试{t}: {str(e)[:70]}", flush=True); time.sleep(4)
    return False
Confidence
92% confidence
Finding
open(out, "wb").write(data); return True

Tainted flow: 'd' from urllib.request.urlopen (line 46, network input) → urllib.request.urlopen (network output)

Medium
Category
Data Flow
Content
req = urllib.request.Request(OFOX_URL, data=payload,
                headers={"Authorization": f"Bearer {key()}", "Content-Type": "application/json"})
            d = json.loads(urllib.request.urlopen(req, timeout=300).read())["data"][0]
            data = base64.b64decode(d["b64_json"]) if d.get("b64_json") else urllib.request.urlopen(d["url"]).read()
            open(out, "wb").write(data); return True
        except Exception as e:
            print(f"    重试{t}: {str(e)[:70]}", flush=True); time.sleep(4)
Confidence
95% confidence
Finding
data = base64.b64decode(d["b64_json"]) if d.get("b64_json") else urllib.request.urlopen(d["url"]).read()

Tainted flow: 'cmd' from open (line 72, file read) → subprocess.run (code execution)

Medium
Category
Data Flow
Content
"-filter_complex", vf, "-map", "[vout]", "-map", "0:a:0",
               "-c:v", "libx264", "-preset", "veryfast", "-crf", "23",
               "-c:a", "aac", "-b:a", "128k", "-movflags", "+faststart", out]
        r = subprocess.run(cmd, capture_output=True, text=True)
        if r.returncode:
            print(f"[{i}] ❌ {clip['name']}\n{r.stderr[-600:]}")
        else:
Confidence
84% confidence
Finding
r = subprocess.run(cmd, capture_output=True, text=True)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script transmits user-provided cover text and prompts to a third-party image API using API credentials, but only documents this in comments rather than enforcing runtime disclosure or consent. In a content-processing pipeline, users may not realize their titles, subtitles, or other text are being sent off-box to an external provider.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
On successful processing, the script unconditionally replaces the original MP4 with the generated temporary file. In an automated publishing pipeline, this increases the risk of silent destructive modification of user media, especially if config data is wrong or manipulated, and there is no backup, confirmation, or rollback path.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script hard-codes immediate publication via `publish_date=0` and `DOUYIN_PUBLISH_STRATEGY_IMMEDIATE`, so running it can push content live to Douyin without any runtime confirmation or dry-run safeguard. In this skill’s context, the risk is elevated because the overall workflow is explicitly designed for one-click bulk publishing across platforms, making accidental or unauthorized posting more likely and more damaging.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script writes many output files and passes -y to ffmpeg, which silently overwrites existing files. Because output_dir and clip names come from configuration, a mistaken or malicious config can destroy existing media or other writable files if paths are manipulated.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal