Security audit

Ai Short Film Studio

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a disclosed video-production workflow, but it should be reviewed because it asks the agent to control a logged-in Chrome profile and includes unsafe cloud credential/storage guidance.

Review carefully before installing. Use a dedicated Chrome profile rather than your normal browser profile, avoid leaving remote debugging open, do not run it against untrusted storyboard titles or media folders, and replace the Tencent Cloud identifiers with your own least-privilege storage setup. Confirm any API calls or batch generation first because the workflow can consume credits, write many files, and automate logged-in web sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

subprocess module call

Severity: Medium
Category: Dangerous Code Execution
Content:
    print("  📦 拼接视频片段...")
    cmd = [ffmpeg_path, "-y", "-f", "concat", "-safe", "0",
           "-i", str(concat_list), "-c", "copy", str(video_concat)]
    result = subprocess.run(cmd, capture_output=True, text=True)
    if result.returncode != 0:
        print("  ⚠️ copy模式失败,重编码...")
        cmd = [ffmpeg_path, "-y", "-f", "concat", "-safe", "0",
Confidence: 88%
Finding: result = subprocess.run(cmd, capture_output=True, text=True)

subprocess module call

Severity: Medium
Category: Dangerous Code Execution
Content:
            str(out_file)
        ])

        result = subprocess.run(cmd, capture_output=True, text=True)
        if result.returncode != 0:
            # Fallback: without subtitles
            cmd2 = [
Confidence: 83%
Finding: result = subprocess.run(cmd, capture_output=True, text=True)

subprocess module call

Severity: Medium
Category: Dangerous Code Execution
Content:
               "-c:v", "libx264", "-preset", "fast", "-crf", "22",
               "-pix_fmt", "yuv420p", "-c:a", "aac", "-b:a", "128k",
               str(video_concat)]
        result = subprocess.run(cmd, capture_output=True, text=True)
        if result.returncode != 0:
            print(f"  ❌ 拼接失败: {result.stderr[-300:]}")
            return None
Confidence: 88%
Finding: result = subprocess.run(cmd, capture_output=True, text=True)

subprocess module call

Severity: Medium
Category: Dangerous Code Execution
Content:
    """Locate the FFmpeg binary path"""
    for p in ["/opt/homebrew/bin/ffmpeg", "/usr/local/bin/ffmpeg", "ffmpeg"]:
        try:
            subprocess.run([p, "-version"], capture_output=True)
            return p
        except (FileNotFoundError, OSError):
            continue
Confidence: 90%
Finding: subprocess.run([p, "-version"], capture_output=True)

subprocess module call

Severity: Medium
Category: Dangerous Code Execution
Content:
def find_ffprobe():
    for p in ["/opt/homebrew/bin/ffprobe", "/usr/local/bin/ffprobe", "ffprobe"]:
        try:
            subprocess.run([p, "-version"], capture_output=True)
            return p
        except (FileNotFoundError, OSError):
            continue
Confidence: 90%
Finding: subprocess.run([p, "-version"], capture_output=True)

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding: The document exposes a hardcoded Tencent Cloud SecretId together with bucket and region details, which is sensitive infrastructure configuration that should not be embedded in public-facing skill documentation. Even if the SecretKey is not shown, this disclosure aids cloud asset enumeration and suggests unsafe secret-handling practices; in context, the skill encourages external storage use, making misuse of associated cloud resources more plausible.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding: The trigger phrases are broad enough to match ordinary requests like 'make a short video' or 'turn this copy into a video', which can activate a skill that performs filesystem changes, shell execution, API use, and browser automation. Unintended activation is dangerous here because the skill is not just advisory; it prescribes operational steps with side effects and external service usage.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding: The skill instructs `pkill -9 "Google Chrome"` and launches Chrome against the user's existing profile directory with remote debugging enabled. Force-killing the browser can cause data loss, and reusing the default profile under CDP gives automated code access to authenticated sessions, cookies, and browsing context without a strong safety boundary.

Missing User Warnings

Severity: High
Confidence: 98%
Finding: The documentation provides credential and storage configuration examples for Tencent Cloud without any warning about secret exposure, secure storage, or credential rotation. In a skill that automates media pipelines and cloud uploads, this normalizes unsafe copy-paste handling of secrets and increases the risk that users will leak or misuse production credentials.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).
Severity: Critical
Code: suspicious.dangerous_exec
Location: scripts/batch-generate.js:120

Shell command execution detected (child_process).
Severity: Critical
Code: suspicious.dangerous_exec
Location: scripts/retry-until-complete.js:79