Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
code2animation
v1.0.1 · Produce complete code-based animated videos by scripting, generating narration, creating visual assets, and rendering final MP4s using the code2animation fra...
⭐ 2 · 513 · 1 current · 1 all-time
by Frank Lin (@etrobot)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious · high confidence
Purpose & Capability
The project files (render scripts, Puppeteer, FFmpeg, msedge-tts, TTS metadata handling) align with the stated purpose of code-driven animation and rendering. However, package.json and the pnpm lockfile list dependencies that SKILL.md does not document (e.g. '@google/genai', 'better-sqlite3'); the description does not explain them, and they may indicate unused or extra capabilities.
Instruction Scope
The Vite plugin exposes HTTP endpoints (/api/projects and /api/generate-audio) that accept POST data and then execute a local shell command that runs scripts/generate-audio.ts. The command string is composed as `npx tsx "${scriptPath}" ${projectId}`, with projectId taken from the request body without sanitization or argument escaping, so anyone who can reach the dev server can inject shell syntax. The README and SKILL.md claim the commands are predefined and not user-controllable, which contradicts the server code, which accepts external input and places it in a shell command. The package's dev script also starts Vite with --host=0.0.0.0 and --port=3000 (in package.json), which makes these endpoints reachable from the network if the developer runs the dev server as-is.
Install Mechanism
There is no external install spec (instruction-only install). Dependencies are typical for a Node + Puppeteer + React project; all packages are from normal registries and a pnpm lockfile is included. No remote archive downloads or extract steps were observed.
Credentials
The skill declares no required env vars, but vite.config.ts reads env.GEMINI_API_KEY and injects it into the client bundle via define({ 'process.env.GEMINI_API_KEY': JSON.stringify(env.GEMINI_API_KEY) }). That bakes whatever GEMINI_API_KEY is present at build time into the shipped frontend code, leaking the secret to anyone who can load the app. SKILL.md does not document or justify exposing a GEMINI_API_KEY. The optional env var mentioned in SKILL.md (PUPPETEER_EXECUTABLE_PATH) is reasonable, but the undocumented GEMINI_API_KEY handling is disproportionate and risky.
Persistence & Privilege
The skill does not request always:true and does not alter other skills. The dev server plugin registers local HTTP endpoints and invokes local scripts and child processes (Puppeteer/FFmpeg). Those behaviors are expected for a renderer but gain broader impact if the dev server is bound to 0.0.0.0 or if the agent runs the server with network exposure. Autonomous invocation is allowed by default but does not by itself change this assessment.
Scan Findings in Context
[child_process.exec] expected: Executing render and audio-generation scripts is expected for this project, but the code constructs a shell command using untrusted input (projectId) and runs it via execAsync, which can lead to command injection if the dev server is reachable remotely.
[exposed_env_define] unexpected: vite.config.ts injects GEMINI_API_KEY into the client bundle via define(). Embedding a secret into frontend code is not appropriate and risks leaking the key to anyone who can access the app.
What to consider before installing
This package mostly does what it says (creates and renders code-driven animations), but it has two important red flags you should address before running it in a networked environment:

(1) The Vite dev plugin exposes /api/generate-audio, which runs a shell command built directly from the incoming projectId. If you run the dev server bound to 0.0.0.0 (the package.json dev script currently does), a remote attacker could POST a malicious projectId and execute arbitrary commands. Mitigations: run the dev server only on localhost (change the dev script to --host=127.0.0.1), remove the API route, or secure it with authentication and argument escaping (use spawn or execFile with argument arrays, or a safe argument-escaping function, rather than a shell string).

(2) vite.config.ts bakes any GEMINI_API_KEY environment variable into the client bundle, exposing it to users. Do not set sensitive API keys in the environment when building or running this app, or remove that define() usage and keep keys server-side.

Additional suggestions: review scripts/generate-audio.ts and scripts/render.ts to confirm they do not themselves call unsanitized shell commands or make network calls to unexpected endpoints; prefer child_process.spawn with argument arrays instead of exec to avoid shell interpolation; avoid running the dev server as root or exposing it publicly; and if you need remote triggering, add authentication and strict input validation (allow-list project IDs).

If you want, I can point out exact lines to change to fix the command-injection and key-exposure issues.
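As an added illustration of the two fixes recommended above (for the Instruction Scope finding and the Credentials finding), the following TypeScript reconstructs both patterns from the scan's description and puts a hardened form beside each. It is not code from code2animation or from ClawHub. The command string is the one the scan quotes; the function names, the projectId allow-list pattern, the credential-name heuristic and the sample inputs are this example's own assumptions.

```typescript
import { execFile } from "node:child_process";
import { promisify } from "node:util";

const execFileAsync = promisify(execFile);

// ---- Finding 1: shell command assembled from the POST body ----------------

// The scan quotes the dev-server plugin as running
//   `npx tsx "${scriptPath}" ${projectId}`
// through exec, i.e. through /bin/sh. This reproduces only the string
// construction so the effect of a hostile projectId can be inspected
// without executing anything.
export function buildShellCommand(scriptPath: string, projectId: string): string {
  return `npx tsx "${scriptPath}" ${projectId}`;
}

// Allow-list for project identifiers. The pattern is this example's
// assumption; tighten it to the project's real naming scheme. Anything that
// could carry shell syntax (spaces, ';', '|', '$', quotes) is rejected.
const PROJECT_ID = /^[A-Za-z0-9][A-Za-z0-9_-]{0,63}$/;

export function isValidProjectId(id: unknown): id is string {
  return typeof id === "string" && PROJECT_ID.test(id);
}

// Hardened form: validate first, then pass arguments as an array. With
// execFile/spawn there is no shell, so a value containing ';' or '$(...)'
// would reach tsx as one literal argument instead of being interpreted.
export function buildArgv(scriptPath: string, projectId: string): { file: string; args: string[] } {
  if (!isValidProjectId(projectId)) {
    throw new Error("projectId rejected by allow-list");
  }
  return { file: "npx", args: ["tsx", scriptPath, projectId] };
}

// Replacement for the exec-based call the scan describes (hypothetical name).
export async function runGenerateAudio(scriptPath: string, projectId: string): Promise<string> {
  const { file, args } = buildArgv(scriptPath, projectId);
  const { stdout } = await execFileAsync(file, args);
  return stdout;
}

// ---- Finding 2: secret injected into the client bundle via define() ------

// vite.config.ts, per the scan, does
//   define({ 'process.env.GEMINI_API_KEY': JSON.stringify(env.GEMINI_API_KEY) })
// define() is a build-time textual substitution, so the key's value lands
// verbatim in the shipped JavaScript. This check flags define entries whose
// name looks like a credential; the heuristic is this example's own.
const SECRET_NAME = /(KEY|SECRET|TOKEN|PASSWORD|CREDENTIAL)/i;

export function findSecretDefines(defines: Record<string, string>): string[] {
  return Object.keys(defines).filter((key) => SECRET_NAME.test(key));
}

// Hardened form: only an explicit list of names is copied from env into the
// define map, and credential-like names are refused outright, so a
// GEMINI_API_KEY present in the build environment never reaches client code.
// Calls to Gemini then belong in a server-side route that reads process.env
// at request time.
export function clientSafeDefines(
  env: Record<string, string | undefined>,
  allowed: string[],
): Record<string, string> {
  const out: Record<string, string> = {};
  for (const name of allowed) {
    if (SECRET_NAME.test(name)) {
      throw new Error(`refusing to expose ${name} to the client bundle`);
    }
    const value = env[name];
    if (value !== undefined) {
      out[`process.env.${name}`] = JSON.stringify(value);
    }
  }
  return out;
}
```

With the shell-string version, a POST body of `{"projectId": "demo; echo INJECTED"}` yields the command `npx tsx "scripts/generate-audio.ts" demo; echo INJECTED`, and the shell runs both halves. The array version either rejects that value at the allow-list or, if validation were skipped, would hand the whole string to tsx as a single argument.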
latest: vk978zmf3n22gbn80xsr4d1eap5828jn4
