Security audit

ClawCut

Security checks across malware telemetry and agentic risk

Overview

ClawCut appears to be a real Vertex AI video generator, but its defaults can expose an unauthenticated web UI on the network and may execute an ffmpeg binary from /tmp while using the user's Google Cloud credentials.

Install only if you are comfortable using paid Google Vertex AI services for the prompts and media you provide. Use a dedicated low-privilege service account, set billing limits, bind the Gradio UI to localhost or add authentication before exposing it, and set FFMPEG_BIN to a trusted ffmpeg path instead of relying on /tmp/ffmpeg.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 88%
Finding
The skill documentation describes capabilities to read environment variables, write files, access the network, and invoke shell commands, but it does not declare permissions or boundaries for those actions. In an agent ecosystem, this mismatch increases the chance of the skill being invoked with broader authority than users expect, enabling unreviewed cloud uploads, local file modification, or command execution.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger list is extremely broad and includes generic phrases for making videos or automated content, which can cause the skill to activate in contexts where the user did not intend to invoke this workflow. Misrouting user requests into a cloud-backed media pipeline can lead to unintended data processing, uploads, cost incurrence, or handling of sensitive media.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill supports uploading reference videos and images to generate content via Vertex AI, but the description does not warn users that their media and prompts may be transmitted to cloud services. This omission is risky because users may provide private, copyrighted, or biometric content without informed consent about external processing.

Natural-Language Policy Violations

Medium
Confidence: 80%
Finding
The pipeline states that it generates Chinese narration and native Chinese speech by default, without mentioning user choice or opt-in. While not a direct exploit primitive, this can cause unintended content generation, policy mismatches, or disclosure issues if users submit content expecting another language or neutral processing.

Missing User Warnings

Medium
Confidence: 89%
Finding
The app sends user-supplied reference images and videos into a backend generation pipeline, and the skill metadata explicitly indicates use of external AI services such as Vertex AI. Without a clear user-facing disclosure or consent flow, users may unknowingly upload sensitive media that is transmitted off-box for processing, creating privacy and compliance risk.

Missing User Warnings

Low
Confidence: 80%
Finding
The connection test triggers a real external API request to Vertex AI, but the UI label does not clearly warn the user that clicking it will send data to an external service. While the payload is minimal and not user content, undisclosed outbound requests can still violate user expectations, transparency requirements, or restricted-network assumptions.

VirusTotal

65/65 vendors flagged this skill as clean.