ClawHub

秦丝旺剪 - AI智能视频剪辑

Security checks across malware telemetry and agentic risk

Overview

This Wangcut skill is purpose-built for video automation, but its setup flow asks users to share an account password in chat and stores it in a local config file.

Review carefully before installing. Do not paste a sensitive or reused password into chat, avoid storing config.ini in a shared or committed project, verify the API base URL before logging in, and consider using a limited Wangcut account if you proceed. I found no evidence of hidden destructive behavior, but the credential-handling design is risky enough to require user review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger phrases are broad and overlap with ordinary user requests such as creating or downloading videos. This can cause the skill to activate unintentionally, leading users to disclose credentials or invoke external API actions when they did not specifically intend to use this integration.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill asks users to provide an account password but gives no explicit privacy, storage, or safe-handling warning. In context, this is especially risky because the skill also writes configuration locally and connects to an external API, increasing the chance of credential exposure through chat logs, local files, or downstream systems.

Missing User Warnings

High
Confidence
97% confidence
Finding
The guide tells users to send their Wangcut account password directly in chat for configuration, which can expose credentials to chat logs, client-side history, screenshots, telemetry, or other unintended recipients. In an agent-skill context, this is especially risky because users may assume the assistant is a safe secret-entry channel when it may not provide secure secret handling guarantees.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code stores the Wangcut username and password in a local config.ini file in plaintext, and the user-facing prompts do not clearly warn that credentials will be persisted on disk. If the working directory or repository is shared, backed up, or accidentally committed, these credentials can be exposed and used to access the user's video-editing account.

Ssd 3

Medium
Confidence
99% confidence
Finding
The skill explicitly instructs the user to send their account and password in plain chat for configuration. Plain-chat credential submission is dangerous because secrets may be logged, retained, exposed to operators or other integrations, and then persisted into configuration files, making credential theft or reuse more likely.

Ssd 3

Medium
Confidence
98% confidence
Finding
The documentation explicitly instructs users to provide account passwords in chat, normalizing insecure credential handling. This can lead to credential theft or reuse compromise if logs are retained, shared with third-party systems, or visible to operators, and the skill context increases danger because it conditions users to disclose secrets to an automated assistant.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal