Remotion + Excalidraw + TTS

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly purpose-aligned for making narrated videos, but it needs review because cloud TTS mode can expose API keys and voiceover text in command logs.

Review before installing if your voiceover text, diagrams, or API keys are sensitive. Use the default `say` backend or `--voiceover-mp3` for local-only operation, avoid cloud TTS for confidential scripts, and be aware that npm dependencies are installed during rendering. If using OpenAI or ElevenLabs, do not run this where logs or CI output can be read by other people unless the script is changed to redact credentials and payloads.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The manifest presents the skill as using local macOS `say`, but the documentation also advertises OpenAI and ElevenLabs modes that require external API access. This discrepancy can cause sensitive voiceover text or related project data to be sent off-host unexpectedly, especially in environments where 'local TTS' is relied upon for privacy or compliance.

Intent-Code Divergence

Medium
Confidence: 90%
Finding
Labeling the skill as 'Local' while documenting remote TTS providers creates a misleading trust signal. In security-sensitive contexts, users may deliberately select 'local' tooling to avoid data exfiltration, so this wording increases the risk of accidental use of cloud services and underestimation of network exposure.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation mentions that the script will run `npm i` in a temporary project, but it does not elevate this to a clear security warning, even though dependency installation performs network activity and introduces software supply-chain risk. This is dangerous because package installation can download untrusted code, trigger lifecycle scripts, and produce materially different security outcomes than a purely local render pipeline.

Missing User Warnings

Medium
Confidence: 92%
Finding
When the openai or elevenlabs backend is selected, the script sends the full voiceover text to third-party APIs, but the CLI interface does not prominently warn the user that local content will leave the machine. In a video-generation skill, voiceover text may contain confidential prompts, internal architecture details, or regulated data, so silent transmission increases data-leak risk.

VirusTotal

66/66 vendors flagged this skill as clean.
