video-knowledge-ingest

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed video-ingestion workflow that fetches or transcribes media, summarizes it, and stores the results locally, with privacy considerations users should understand.

Install this only if you are comfortable with chosen video URLs or local files being downloaded or read, transcribed, summarized through the configured summarize/Codex backend, and retained in the local knowledge-base directory until deleted. Use --kb-root for project-specific storage and avoid using private cookies or confidential media unless that retention and processing model is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 94%
Finding: The skill instructs the agent to invoke shell commands, access the network, read/write local files, and use environment-dependent tooling, yet it declares no permissions or equivalent safety boundary in the skill metadata. That mismatch increases the chance the skill is auto-enabled or used without informed approval, allowing broad external fetches and local persistence in a workflow that processes untrusted URLs and files.

Vague Triggers

Medium
Confidence: 87%
Finding: The description is broad enough to activate on many ordinary requests involving videos, summaries, debugging, or packaging for sub-agents, which can cause this high-capability skill to be selected more often than intended. Because the skill performs network retrieval, shell execution, transcription, and persistent local writes, overbroad triggering meaningfully increases exposure to unnecessary risky actions.

Vague Triggers

Medium
Confidence: 91%
Finding: Declaring the skill as the 'default' cross-platform workflow creates an ambiguous trigger scope and encourages automatic use even when a safer, narrower path may suffice. In this context, defaulting to a workflow that downloads remote content, runs shell tools, and writes to a fixed local knowledge base can lead to unnecessary execution and data persistence from untrusted sources.

VirusTotal

64/64 vendors flagged this skill as clean.
