AI Hookbot

Security checks across malware telemetry and agentic risk

Overview

This skill’s video-hook workflow is understandable, but it depends on running unreviewed external pipeline code and has ambiguous safety controls.

Install only if you are comfortable running the separate Hookbot pipeline scripts yourself after reviewing their source. Before running it, confirm the creator URL, CTA video, output directory, number of videos, and whether viral sorting will use a YouTube API key. Avoid sharing raw error logs that may include local paths or secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Medium, 97% confidence
The skill gives conflicting instructions about error handling: one section says failures must be sanitized before being relayed, while another says to return pipeline errors verbatim. Because this workflow executes local tools and depends on environment variables and file paths, verbatim errors can disclose sensitive local paths, usernames, command arguments, and possibly secrets embedded in stderr output.

Vague Triggers

Medium, 85% confidence
The invocation examples are broad enough that an agent may trigger this skill on loosely related user requests such as 'make hooks' or 'create content,' causing scraping, downloading, and media processing to occur without clear user confirmation. In a skill that performs external network access and file-writing, ambiguous activation increases the risk of unintended execution and surprise side effects.

Missing User Warnings

Medium, 94% confidence
The README describes generated outputs but does not clearly warn upfront that the skill writes multiple MP4 files and a manifest containing source metadata to disk. Users may unknowingly create persistent local artifacts, overwrite data, or expose creator/source metadata in shared directories or automated environments.

Missing User Warnings

Medium, 93% confidence
The skill markets itself as scraping YouTube Shorts and stitching content with local tools, but it does not clearly disclose that it will access external YouTube content and may transmit data to third-party services and command-line tools such as yt-dlp and potentially the YouTube API. Lack of disclosure can lead to privacy, compliance, and operational surprises, especially in agent environments where networked actions should be explicit.

Vague Triggers

Medium, 85% confidence
The trigger phrases are broad enough to match ordinary content-generation requests, increasing the chance the skill runs when the user did not clearly intend a network scrape and local media-processing pipeline. In this context, accidental activation can cause unanticipated external requests, downloads, and file creation on disk.

Missing User Warnings

Medium, 93% confidence
The skill does not clearly warn that it will perform network scraping, download/process third-party media, and write generated videos plus a manifest to disk. Without explicit disclosure, users may unknowingly trigger privacy-sensitive or resource-intensive actions and may not realize metadata and outputs persist locally.

Natural-Language Policy Violations

Low, 96% confidence
The error-display instructions conflict, which creates ambiguity for implementations and increases the chance that unsanitized operational details are exposed to end users. Although overlapping with SDI-4, this is still a real issue because ambiguous security guidance often leads to the least safe behavior during failures.

VirusTotal

66/66 vendors flagged this skill as clean.
