ClawHub

抖音民间诡异故事视频生成器

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent video-generation and optional Douyin publishing workflow, but it depends on external AI services, FTP image hosting, and an authenticated browser profile.

Install only if you are comfortable sending story text and generated media to DashScope and to your configured FTP/HTTP host. Use dedicated API and FTP credentials, avoid sensitive unpublished material, verify the openclaw browser profile is logged into the intended Douyin account, and review the final video and posting details before confirming publication.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill invokes local scripts, writes files such as story.txt and generated media, reads configuration containing API keys/FTP details, and performs browser/network actions, yet it declares no permissions. This creates a transparency and consent problem: an agent may execute file, network, and environment-sensitive operations without explicit authorization boundaries, increasing the risk of unintended data access or exfiltration.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The documented workflow references configuration with FTP server information and the analysis indicates local images are uploaded to an FTP server to obtain public URLs, but this external publication step is not disclosed in the skill's stated purpose. Hidden external transfer materially changes the privacy and security posture because user-provided story content and generated assets may be exposed to third-party infrastructure or publicly accessible URLs.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The script uploads user-provided images to an external FTP server before video generation, but this behavior is not inherent to local video assembly and is broader than the stated purpose. This creates an unnecessary data exfiltration path for user content, especially because FTP is an insecure protocol and the destination is controlled via environment variables.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill includes network transmission and a platform publication workflow, but the instructions do not clearly warn users that content may be uploaded to external services and potentially published publicly. Given that it also references browser automation and external configuration, insufficient warning can undermine informed consent and lead to unintended disclosure or publication of generated content.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code automatically transmits user images to an external FTP server without any visible consent, warning, or privacy boundary. If users supply personal or sensitive images, this can leak private content to third-party infrastructure outside their expectations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script sends image URLs and prompts to DashScope for third-party video generation, which is functionally necessary for the feature but still constitutes external data sharing. Without clear disclosure, users may unknowingly expose sensitive prompts or image-derived content to a remote AI provider.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The function transmits user-supplied story text to an external cloud TTS service, which creates a real privacy and data-handling risk when users are not clearly informed their content leaves the local environment. In this skill context, users may provide unpublished, personal, or sensitive text, so silent third-party transfer can violate user expectations and organizational data policies even if the behavior is necessary for the feature.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal