ClawCast

Security checks across malware telemetry and agentic risk

Overview

This OBS automation skill is mostly transparent, but it can replace OBS scenes and start real recording or streaming without built-in confirmation.

Install only if you intentionally want an agent to control OBS. Before running it, use a disposable OBS scene collection or back up your scenes, verify the target host and agentic-obs DB path, keep the overlay server on a trusted LAN/VPN, and avoid the recording or streaming helpers unless OBS is pointed at a private test setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence: 98%
Finding
The comment says the server should expose only overlay assets, but the command actually serves the entire skill root over HTTP. On a LAN, this can disclose scripts, runtime artifacts, configuration, and other package contents that were not intended to be remotely reachable, expanding the attack surface beyond static overlays.

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
The skill is described as providing LAN-safe browser/media assets, but this implementation exposes the whole skill directory to any host that can reach the machine on the selected port. In this context, the mismatch is more dangerous because the skill is explicitly designed for local or remote OBS automation, making LAN reachability a normal operating mode and increasing the chance of unintended information disclosure.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script unconditionally switches to a safe scene, deletes a fixed set of existing OBS scenes, and recreates them without any user-facing confirmation, backup, or dry-run mode. In the context of an automation skill that operates on local or remote OBS instances, this can destroy a user's existing scene configuration and interrupt live production workflows if run against the wrong target.

Missing User Warnings

Medium
Confidence: 93%
Finding
The script starts OBS recording and performs automated scene changes immediately, with no explicit user-facing prompt, consent gate, or dry-run mode. In a local/remote OBS automation context, this can unintentionally capture sensitive desktop content, microphones, browser sources, or private scenes if invoked by an agent or operator who did not fully realize recording would begin.

VirusTotal

66/66 vendors flagged this skill as clean.
