Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
九马免费对口型数字人
v1.0.6这是一个免费生成对口型数字人对口型的工具, 工具安装需要下载二进制文件到电脑上,只需根据文本和性别生成数字人视频并返回一个下载链接,生成时间在半个小时以内。
⭐ 0· 74·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The stated purpose (generate lip‑synced digital-human videos from text and gender) plausibly could require a native binary encoder/renderer. Requiring a binary is not inherently incoherent, but the skill provides no source code, no provenance, and no integrity checks for the binary — so the need to download and run an opaque executable is only weakly justified by the description.
Instruction Scope
The runtime instructions tell the agent to create a ./skills/9ma-mata-human folder, download a platform-specific binary from https://down-monitor.yisu.com/..., mark it executable, and run it with the user's text and sex. That gives the downloaded program full ability to run arbitrary code and make network calls. The SKILL.md also contains a parameter naming bug (two entries named 'text' instead of 'text' and 'sex'), which increases the chance of incorrect runtime behavior. Instructions do not limit or validate the binary's network activity or include any integrity checks (checksum/signature).
Install Mechanism
High-risk install: instruction-only skill directs a runtime download of a prebuilt binary from a non-obvious third-party domain (down-monitor.yisu.com). There is no cryptographic checksum, no signature, no GitHub releases or known upstream, and the binary will be executed. According to the install-risk guidance, this pattern is high risk because arbitrary code from an untrusted host will be written to disk and executed.
Credentials
The skill does not request environment variables, credentials, or config paths. From the declared requirements, there is no immediate overreach in requested secrets. However, because the downloaded binary runs locally, it could access environment variables or files at runtime — this is not declared in SKILL.md and therefore is a practical risk.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It writes into ./skills/9ma-mata-human within the agent workspace (creates folder and places the binary there) — this is limited persistence but still allows long-lived executable code to remain on disk. The permission/persistence requested is modest but combined with the unknown binary increases risk.
What to consider before installing
This skill downloads and runs an unsigned binary from an unknown domain and then executes it with user-supplied text — that lets the binary do anything on your machine (including network exfiltration). Only install if you fully trust the publisher and have verified the binary (cryptographic checksum/signature) and source. Safer options: ask the author for source code or a reproducible build, require a signed release from a known host (GitHub releases, official vendor), run the skill inside a tightly isolated sandbox or disposable VM, or prefer skills that call a documented API rather than downloading and executing opaque binaries. Also note the SKILL.md has a parameter naming bug (two 'text' parameters); ask for a corrected manifest. If you must try it, test in an isolated environment and monitor outbound network traffic.Like a lobster shell, security has layers — review code before you run it.
latestvk97c475sdbq90yx62ap62d5pkn83hdjq
License
MIT-0
Free to use, modify, and redistribute. No attribution required.