ClawHub

下载视频的技能

Security checks across malware telemetry and agentic risk

Overview

This video downloader is coherent, but it should be reviewed because it can automatically install external tools and suggests using browser session cookies without strong safety boundaries.

Install only if you trust the publisher and are comfortable with the skill changing local video-tool dependencies. Prefer using an isolated Python environment, preinstall pinned and verified yt-dlp and FFmpeg yourself, and avoid browser-cookie mode unless you explicitly intend to use a specific browser session for a specific site.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • YARA SignaturesMalware Match, Webshell Match, Cryptominer Match
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (6)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
print("yt-dlp is already installed")
    except (subprocess.CalledProcessError, FileNotFoundError):
        print("Installing yt-dlp...")
        subprocess.run([sys.executable, "-m", "pip", "install", "--upgrade", "yt-dlp"], check=True)
        print("yt-dlp installed successfully")

def download_video(url, quality="1080p", output_dir=None, audio_only=False):
Confidence
97% confidence
Finding
subprocess.run([sys.executable, "-m", "pip", "install", "--upgrade", "yt-dlp"], check=True)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation describes capabilities to access the environment, invoke shell commands, and reach the network, but no permissions are declared. That mismatch can lead to under-scoped review and unexpected execution of package installation, binary download, and external site access when the skill is invoked.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill silently downloads FFmpeg from the internet and installs or upgrades yt-dlp, which exceeds the declared downloader behavior and introduces supply-chain and unexpected system-modification risk. Skills that fetch and install executables/dependencies can execute attacker-controlled code if the upstream source, transport, or packaging chain is compromised.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
Embedding pip installation capability inside the skill allows it to modify the runtime environment and execute package installation logic unrelated to the minimal task of downloading a video. This materially increases the attack surface through dependency confusion, malicious package updates, or tampered indexes.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger description includes broad everyday phrases such as '下载视频、保存视频、抓取视频', which can cause the skill to activate in unintended contexts. Because this skill can execute shell/network actions and write files, accidental invocation increases the chance of unwanted downloads or command execution paths.

YARA rule 'info_stealer': Information stealer patterns (credential harvesting, browser data theft) [malware]

High
Category
YARA Match
Content
2. **视频质量不理想**:尝试使用不同的格式选择器或使用浏览器cookies

3. **ffmpeg下载失败**:如果自动下载ffmpeg失败,可以手动下载并解压到技能目录的`ffmpeg/`文件夹
Confidence
88% confidence
Finding
cookies-from-browser chrome; cookies-from-browser edge; cookies-from-browser firefox

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal