ClawHub

Video Insight

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate video transcript tool, but it needs Review because it can automatically use local Chrome browser cookies for Bilibili downloads without clear user consent.

Install only if you are comfortable with a video tool that may touch your Chrome browser session when Bilibili downloads fail. For safer use, remove or disable the --cookies-from-browser chrome retry, avoid sensitive videos unless using --no-cache, clear ~/.cache/video-insight when needed, and use --summarize only with an LLM endpoint and token setup you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
When the initial download fails, the code silently expands scope by accessing browser cookies from Chrome to retry the request. That exceeds the stated transcript-extraction role and can expose authenticated session material and private account context without explicit user approval.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill invokes yt-dlp with --cookies-from-browser chrome, causing it to read sensitive browser cookies from the local profile. In an agent/tooling context, this is dangerous because it grants the skill access to authentication artifacts unrelated to transcript extraction and can enable account misuse or privacy compromise.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The trigger phrases are broad enough to match many ordinary user requests about summaries or transcripts, which can cause the skill to activate when the user did not specifically intend to use it. Because this skill performs network retrieval and local caching, overbroad invocation can lead to unnecessary external requests, unexpected storage of content, and expansion of the skill's operational footprint.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill states that transcripts are permanently cached locally but does not clearly warn users that extracted content will be retained on disk. Video transcripts may contain sensitive, copyrighted, or user-request-specific material, so silent persistence increases privacy and data-retention risk, especially on shared systems or long-lived agent hosts.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Reading browser cookies without any user-facing warning or confirmation creates a hidden sensitive-data access path. In practice, users may not realize the skill can touch local authentication data, making the behavior especially risky in an automation environment.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
When --summarize is enabled, the full transcript is sent to an LLM via generate_summary() with no visible disclosure in this CLI about external data transmission, retention, or privacy implications. Users may assume summarization is local, but transcripts can contain sensitive or copyrighted content, making silent third-party transmission a meaningful privacy and compliance risk.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal