AI Hookbot

Verdict: Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: ai-hookbot
Version: 1.0.2

The skill bundle facilitates video processing but introduces a high-risk shell injection vulnerability by instructing the AI agent to pass user-provided inputs (like creator URLs and file paths) directly into a command-line execution string in SKILL.md. It also relies on an external, unverified repository (placeholder 'hookbot-scripts') for its core logic (pipeline.py). While it includes some security-conscious instructions like limiting environment variables, the instruction to relay error output 'verbatim' for debugging could potentially leak sensitive system information if the previous sanitization step is bypassed.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the skill does not provide the reviewed pipeline itself; running it may execute whatever code is present in the configured scripts directory.

Why it was flagged

The skill’s main behavior depends on external scripts from a placeholder/unpinned repository and then executes pipeline.py; that code is not included in the provided artifacts.

Skill content

git clone https://github.com/YOUR_REPO/hookbot-scripts ~/hookbot ... cd "$SCRIPTS_DIR" && ... python3 pipeline.py "<creator_url>" "<cta_video>"

Recommendation

Only use a trusted, reviewed pipeline repository; pin it to a known commit; inspect pipeline.py before running; and prefer packaging the reviewed pipeline with the skill or declaring a precise dependency.

What this means

A misbehaving or verbose pipeline could expose local paths or secret values in the chat/debug output, especially if errors are relayed verbatim.

Why it was flagged

The optional YouTube API key is expected for viral sorting, but it is passed into the external pipeline and the error-reporting instructions conflict with earlier guidance to strip env var values.

Skill content

YOUTUBE_API_KEY="${YOUTUBE_API_KEY:-}" ... If the pipeline errors, relay the error output to the user verbatim

Recommendation

Use a restricted YouTube API key, avoid storing secrets in broadly sourced shell files, and redact environment values and sensitive paths from any pipeline error output.