AI视频短视频创作器 (AI Short Video Creator)

Security checks across malware telemetry and agentic risk

Overview

This video-making skill is mostly purpose-aligned, but it should be reviewed because its local scripts can execute broader code and shell commands than the task requires.

Install only if you trust the skill source and will run it in a dedicated project folder. Do not use config.py files or media paths from untrusted sources, avoid sensitive narration text unless you are comfortable sending it to edge-tts, and consider patching the xfade os.system call to a subprocess call that takes an argument list (without shell=True) before processing third-party files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

os.system() or os exec-family call

High
Category
Dangerous Code Execution
Content
    # the FFmpeg command line is assembled as a single string by text substitution
    cmd = cmd.replace(f"OFFSET{i}", f"{offset_val:.2f}")

    print(f"    xfade chain: {n} clips, {n-1} transitions")
    # the whole string is handed to the system shell (the flagged call)
    ret = os.system(cmd)
    if ret != 0:
        print("    xfade failed -> fallback to simple concat")
        return concat_simple(clip_paths, output_path, output_dir)
Confidence
98% confidence
Finding
ret = os.system(cmd)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly instructs the agent to read local files, write outputs, and execute shell commands (`python`, `ffprobe`, FFmpeg) but does not declare corresponding permissions. This creates a transparency and consent gap: a user or platform may not realize the skill can access filesystem contents and launch external tools, increasing the risk of unintended data exposure or command execution in a broader environment.

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The script loads a user-specified config.py via importlib and executes it with exec_module, which means arbitrary Python code in that file runs with the privileges of the current user. In a workflow where config files may be shared, generated, or modified by an agent, this becomes a direct arbitrary code execution vector well beyond simple configuration loading.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The finding correctly identifies that xfade composition is implemented through dynamic shell execution rather than a constrained subprocess API. In a skill that consumes user/project-controlled media paths, this broadens the attack surface from media processing to arbitrary shell command execution if path data is maliciously crafted.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The code sends seg['text'] to edge-tts, which is an external network-backed TTS service path, without any explicit consent prompt, privacy notice, or data-classification check in this script. In this skill context, narration may contain unpublished scripts, proprietary summaries, or sensitive source-derived text, so silent transmission to a third party creates a genuine confidentiality and compliance risk.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal