ClawHub
Back to skill

Security audit

fotor-skills

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Fotor media-generation skill, with expected external API use and setup steps that users should review before installing.

Install this only if you are comfortable using a Fotor API key, sending prompts and selected media files to Fotor for processing, and allowing the skill to create a local Python environment and install or upgrade its SDK dependencies. Review the uv installer and dependency install steps if your environment requires pinned or approved software sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill clearly uses sensitive capabilities including environment variables, local file access, shell execution, and network access, but does not declare permissions explicitly. This weakens platform transparency and consent, making it harder for users or policy engines to understand that the skill can install software, read local inputs, and send data off-host.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The advertised purpose is image/video generation and editing, but the skill also performs package installation, update checks against external sources, reads local metadata, and persists notification state. That broader behavior increases attack surface and user surprise, especially because software installation and updater logic are unrelated to the core creative task.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs uploading local images to Fotor and reusing returned hosted URLs, but does not provide a clear user-facing warning that local content will be transmitted to an external service. This creates privacy and data handling risk, especially for sensitive, personal, or proprietary images.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The workflow directs automatic execution of remote API tasks once minimal information is available, but does not clearly warn users that prompts, images, and account usage data will be processed by an external service. This can expose sensitive data and trigger billable actions without sufficiently informed user consent.

External Script Fetching

Low
Category
Supply Chain
Content
```bash
# macOS / Linux
curl -LsSf https://astral.sh/uv/install.sh | sh

# Windows (PowerShell)
powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"
Confidence
95% confidence
Finding
curl -LsSf https://astral.sh/uv/install.sh | sh

Chaining Abuse

High
Category
Tool Misuse
Content
```bash
# macOS / Linux
curl -LsSf https://astral.sh/uv/install.sh | sh

# Windows (PowerShell)
powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"
Confidence
97% confidence
Finding
| sh

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal