Course Builder Agent

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent course-video generator, but users should understand it runs local media tools and may send lesson text or photos to third-party services.

Install only if you are comfortable with a skill that runs ffmpeg/ffprobe and edge-tts locally, writes generated video files, installs Python packages, and may send narration text to a TTS provider. Do not use confidential course material or personal photos with the TTS or digital-human options unless you understand and accept the provider’s privacy and retention terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    slides_video = output_path + ".slides.mp4"

    # Generate the slide video
    subprocess.run([
        "ffmpeg", "-y",
        "-f", "concat", "-safe", "0",
        "-i", concat_file,
Confidence
92% confidence
Finding
subprocess.run([ "ffmpeg", "-y", "-f", "concat", "-safe", "0", "-i", concat_file, "-c:v", "libx264", "-preset", "medium", "-crf", "23", "-pix_fmt", "yuv420p

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    ], check=True, capture_output=True)

    # Compose the final video
    subprocess.run([
        "ffmpeg", "-y",
        "-i", slides_trim,
        "-i", audio_path,
Confidence
78% confidence
Finding
subprocess.run([ "ffmpeg", "-y", "-i", slides_trim, "-i", audio_path, "-c:v", "copy", "-c:a", "aac", "-map", "0:v", "-map", "1:a", o

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises and documents capabilities that imply reading user-provided files, writing generated assets, and invoking external tooling like ffmpeg and TTS, yet it declares no permissions. This creates a transparency and containment problem: users and the platform may not realize the skill can access the filesystem and shell, which increases the risk of overbroad access or unsafe execution if the implementation is present or later added.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The documented behavior materially overstates what the skill actually does, including claims about digital-human generation, subtitle integration into the final video, and full integration with named services. This is dangerous because users may upload sensitive content or photos under false assumptions about processing, outputs, and third-party involvement, undermining informed consent and security review.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill describes uploading a user photo to a digital-human service for avatar cloning without an explicit privacy and consent warning. User photos are sensitive biometric-adjacent data, and sending them to an external service without clear notice can create privacy, retention, and unauthorized-use risks.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script sends user-provided document text into `edge-tts`, which commonly relies on external network-backed speech services, yet there is no consent prompt, warning, or privacy notice. In a course-building context, input documents may contain proprietary teaching material or sensitive internal content, so silent exfiltration to a third-party service is a meaningful security/privacy issue.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal