Mediaclaw Skill

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only video production skill with no code or automatic access, but users should only use it with rights-cleared media and consent.

Install risk is low because the package is documentation-only. Before using it or any linked MediaClaw service, verify the provider and only upload or transform videos, faces, voices, logos, packaging, and ad assets when you have the rights and consent; avoid using the anti-duplicate features to evade platform rules or repost unauthorized content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly advertises face swap, brand replacement, and anti-duplicate video generation without any safety framing, consent requirements, or misuse restrictions. In this context, the omission is dangerous because it normalizes deceptive media manipulation that could enable impersonation, fraud, brand spoofing, and policy evasion at scale.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal