AI重生复仇爽文自动生成

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it advertises, but it runs locally generated shell commands unsafely and sends story text to an under-disclosed third-party TTS service.

Review before installing. Use a dedicated throwaway working directory, avoid sensitive or proprietary story text, use a revocable API key, and do not process media files from untrusted sources or with unusual filenames until the shell command construction is fixed. The pending VirusTotal result was not used as the basis for this verdict.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def _run_cmd(cmd: str):
    log(f"  $ {cmd}")
    subprocess.run(cmd, shell=True, check=True)


def _get_duration(file: str) -> float:
Confidence
98% confidence
Finding
subprocess.run(cmd, shell=True, check=True)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def _get_duration(file: str) -> float:
    cmd = f'ffprobe -v error -show_entries format=duration -of csv=p=0 "{file}"'
    return float(subprocess.check_output(cmd, shell=True).decode().strip())


# ─────────────────────────────────────────────────────────────
Confidence
98% confidence
Finding
return float(subprocess.check_output(cmd, shell=True).decode().strip())

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill states that output files and directories are automatically created and that the audio directory may be cleared, but it does not prominently warn that existing workspace data can be overwritten or deleted. In practice, running the pipeline could destroy prior outputs or unrelated files if the working directory is reused or misconfigured.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The pipeline sends generated story text to a third-party TTS endpoint (`zero-libre-tts.vercel.app`) without any disclosure, consent mechanism, or trust documentation in this file. That creates a data exposure risk because potentially sensitive or proprietary text content is transmitted off-host to an unaudited external service.

VirusTotal

66/66 vendors flagged this skill as clean.
