Volcengine Video Studio

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it says, but it can unexpectedly fall back to OpenAI environment credentials (OPENAI_API_KEY, OPENAI_BASE_URL) while sending prompts or media to a remote video API.

Review before installing. Use only prompts and media you are comfortable sending to the configured provider, explicitly set the intended VOLCENGINE_API_KEY or ARK_API_KEY and endpoint, and clear OPENAI_API_KEY or OPENAI_BASE_URL unless you deliberately want those fallbacks. Disable downloads or set --download-dir if you do not want generated files saved to Desktop.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 95%
Finding: The skill instructs the agent to use environment variables, read local media files, write downloaded outputs to the local Desktop, and make network requests, but it does not declare permissions or clearly scope those capabilities. This can lead to users or platforms underestimating the skill's access, increasing the risk of unintended secret exposure, local file access, or external data transfer during execution.

Missing User Warnings

Severity: Low
Confidence: 90%
Finding: The documentation states that generated files are automatically downloaded into a Desktop path, but it does not prominently warn users that local files will be created. Silent or unexpected local writes are risky because they can clutter user systems, violate expectations about agent behavior, and create privacy concerns if sensitive generated content is stored locally without explicit consent.

VirusTotal

66/66 vendors flagged this skill as clean.