acestep-simplemv

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but its render script can execute unintended local shell commands if given crafted filenames or options.

Install only if you can run it in an isolated workspace and control all filenames and CLI options. Avoid untrusted media paths, output paths, codec strings, and browser paths until the script is changed to use argument-array execution instead of shell command strings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 95%
Finding
`getAudioDuration()` builds a shell command with a user-controlled file path and passes it to `execSync()`. Although the path is wrapped in double quotes, shell metacharacters such as embedded quotes can still break out of quoting and enable command injection, leading to arbitrary command execution under the user's account.

Missing User Warnings

Medium
Confidence: 98%
Finding
The script assembles a shell command string for `npx remotion render` using user-controlled values such as `output`, `codec`, and potentially `browserExe`, then executes it with `execSync()`. Quoting is inconsistent and some arguments are unquoted, so an attacker can inject shell syntax via CLI parameters and achieve arbitrary command execution; the MV-rendering context makes this especially risky because it is intended to process user-supplied media paths and options.

Missing User Warnings

Medium
Confidence: 88%
Finding
The component accepts any `http`-prefixed `audioFileName` and passes it to `useAudioData` and `<Audio src={audioSrc} />`, causing the renderer/client to fetch remote content without validation or user disclosure. In this skill context, that can leak IP/network metadata to third parties, trigger unexpected outbound requests during rendering, and enable tracking or SSRF-like access depending on where rendering occurs.

VirusTotal

VirusTotal findings are pending for this skill version.