九马 Free Lip-Sync Digital Human

Security checks across malware telemetry and agentic risk

Overview

This skill is for generating digital-human videos, but it downloads and runs an unverified native program on the user’s computer.

Install only if you trust the publisher and the download host. Before running it, verify the downloaded executable with a trusted checksum or signature, use an isolated environment if possible, and expect that it will store and execute a local native binary.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding:
The skill explicitly instructs the agent to create local directories, download a platform-specific executable from a remote host, and run it with user-controlled arguments. This creates a serious supply-chain and arbitrary code execution risk, especially because the executable is not integrity-pinned, sandboxed, or transparently disclosed as part of the user-visible capability.

Description-Behavior Mismatch

Severity: High
Confidence: 95%
Finding:
The manifest advertises a simple text-and-gender video generation tool, but the implementation also performs filesystem modification, remote binary retrieval, and local native code execution. This mismatch hides high-risk behavior behind a low-risk description, reducing informed consent and making abuse or accidental execution more likely.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding:
The trigger phrase for the skill is broad enough to match ordinary conversation about generating a digital human, which can cause unintended activation. In this skill, accidental activation is more dangerous than usual because it can lead to downloading and executing a native binary on the host.

Missing User Warnings

Severity: High
Confidence: 96%
Finding:
The skill includes instructions to download and execute native binaries but provides no clear user-facing warning or consent flow about the security implications. Users may believe they are only generating media content, while the agent is actually performing privileged host operations with significant compromise potential.

VirusTotal

66/66 vendors flagged this skill as clean.