Fliz AI Video Generator

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent Fliz API integration, with some privacy and example-code cautions users should understand before use.

Install only if you intend to use Fliz and are comfortable sending your prompts, source text, and video metadata to that external API. Keep the API key in environment variables, avoid putting sensitive content into prompts, and do not deploy the sample webhook handler as-is without authentication, HTTPS, payload validation, redaction, and retention limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill documents and references executable scripts, shell commands, environment-based authentication, file I/O, and outbound network access, but it does not declare any permissions for those capabilities. This creates a trust and review gap: users or platforms may treat the skill as low-privilege documentation while it implicitly instructs or enables privileged operations such as using API keys, reading text files, writing output, and making authenticated requests.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The history endpoint exposes recently received webhook payloads over an unauthenticated GET route, which can leak video metadata and any other fields Fliz may include in webhook bodies. In webhook handlers, received payloads are often considered sensitive operational data, so exposing them for debugging broadens access beyond the handler's stated purpose and creates an unnecessary information disclosure surface.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The test endpoint allows any caller to generate synthetic webhook records without authentication, which can pollute operational history, mislead monitoring, and potentially trigger downstream workflows if later extended to reuse real processing logic. In the context of a public webhook server example, unauthenticated simulation endpoints are risky because they normalize exposing nonessential attack surface on an internet-facing service.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README instructs users to submit arbitrary text content and configure an API key for a third-party video-generation service, but it does not clearly disclose that the provided content will be transmitted off-platform to Fliz for processing. This can lead users to unknowingly send sensitive, proprietary, or regulated data to an external provider, creating privacy, compliance, and data-governance risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The handler persists full webhook payloads to a local JSONL file without warning, retention limits, access controls, or redaction. This can expose potentially sensitive metadata at rest, create compliance/privacy issues, and leave behind artifacts that are easy to overlook in example code copied into production.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation encourages use of a user-supplied `webhook_url` and describes the completion/failure payloads, but it does not explicitly warn that Fliz will send video metadata to whatever external endpoint is provided. In an integration-focused skill, this omission can lead developers to forward potentially sensitive identifiers, titles, languages, error details, and media URLs to untrusted or misconfigured third-party endpoints, increasing the risk of data leakage or SSRF-style misuse if webhook destinations are not validated.

Missing User Warnings

Low
Confidence
96% confidence
Finding
The script prints a masked portion of the API key to the console, which still discloses credential material that may be captured in terminal logs, CI logs, screen recordings, or shared troubleshooting output. While only partial, exposing any part of a secret unnecessarily increases the chance of credential correlation or accidental leakage.

VirusTotal

66/66 vendors flagged this skill as clean.
