地鼠AI剪辑标准 Skill

Security checks across malware telemetry and agentic risk

Overview

This video-editing skill is transparent about its purpose, but it exposes broad local desktop bridge and file access that users should review before installing.

Install only if you intend to let an AI agent control AICut and access local media. Prefer explicit file/folder picker workflows, avoid granting Desktop or whole-project-root access, review any cloud upload/public-frame settings, keep API keys in environment variables only, and confirm before timeline overwrite or export.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The documentation explicitly exposes a generic MCP tool, `bridge_call`, that can invoke arbitrary `window.aicutAI` methods rather than a constrained set of editing-only operations. In the context of a desktop bridge with local file access and authorization methods, this expands the attack surface and can let an AI agent reach sensitive capabilities such as local media authorization, file listing, file reads, or other future methods not intended for broad agent use.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The documented `bridge_call` capability exposes a generic method dispatcher that can invoke arbitrary Bridge methods, which greatly expands the agent's effective privileges beyond narrowly scoped video-editing actions. In this skill's context, that is dangerous because the same document also describes local media authorization, project lifecycle control, and desktop bridge access, so a prompt-influenced agent could be steered into sensitive operations not constrained by purpose-specific tools.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The reference explicitly documents folder authorization and file-reading primitives (`authorize_media_folder`, `list_media_folder`, `read_media_file_base64`, local-media routing), which provide filesystem access broader than a minimal editing workflow requires. In an agent skill, these capabilities are risky because they can be combined with media import/export flows to enumerate or exfiltrate local files if authorization, path scoping, and consent are weak or bypassable.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger list is broad enough to activate the skill for generic user requests such as editing, video understanding, or export-related tasks that may not specifically intend to invoke this powerful editing workflow. In a skill that can drive local MCP/HTTP/CLI actions and manipulate projects, overbroad activation increases the chance of unintended tool use, file access, or project modification without clear user intent.

VirusTotal

VirusTotal findings are pending for this skill version.