Capcut Mate Skill

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The included code is a small CapCut Mate API wrapper, but using it requires trusting the separately installed CapCut Mate service and any configured API endpoint.

Before installing, review and trust the CapCut Mate server you run, keep CAPCUT_MATE_URL pointed at a trusted endpoint, and remember that video draft/render actions can modify projects and may leave a local background service running if Docker detached mode is used.

Static analysis

Env credential access

Severity: Critical
Finding: Environment variable access combined with network send.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the skill may require running external code beyond the small wrapper shown here.

Why it was flagged

The skill depends on a separately cloned and executed server that is not included in the reviewed artifacts or pinned to a specific commit.

Skill content
git clone https://github.com/Hommy-master/capcut-mate.git ... uv sync ... uv run main.py
Recommendation

Review the CapCut Mate repository or Docker image before running it, prefer pinned versions/commits, and run it with least privilege.

What this means

A trusted CapCut Mate server can receive media references and modify or render video drafts.

Why it was flagged

The wrapper sends draft and video information to a configurable API endpoint and can trigger project changes/rendering; this matches the skill purpose but is still mutating automation.

Skill content
const BASE_URL = process.env.CAPCUT_MATE_URL || 'http://localhost:30000/openapi/capcut-mate/v1'; ... axios.post(`${BASE_URL}/add_videos`, { draft_url, video_infos });
Recommendation

Use only a trusted local or self-controlled CAPCUT_MATE_URL and confirm requested edits before invoking rendering actions.

What this means

The CapCut Mate service may continue running after setup until the user stops it.

Why it was flagged

The documented Docker quick start runs the external service in detached/background mode; this is user-directed and disclosed, not hidden persistence.

Skill content
docker-compose pull && docker-compose up -d
Recommendation

Stop the Docker service when finished and avoid exposing it beyond localhost unless intentionally secured.