ai-video-gen

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward AI video-generation helper that uses a disclosed external API key, downloads generated media, and runs FFmpeg, with no hidden persistence or destructive behavior found.

Install only if you are comfortable sending prompts, voiceover text, and generation inputs to SkillBoss/HeyBoss services and storing a local API key. Use a dedicated key, keep .env private, avoid confidential or regulated content unless approved, run it in a virtual environment, and review output paths because FFmpeg commands may overwrite chosen output files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Tainted flow: 'audio_url' from requests.post (line 36, network input) → requests.get (network output)

Medium
Category
Data Flow
Content
).json()

    audio_url = result["result"]["audio_url"]
    audio_data = requests.get(audio_url).content
    with open(output_path, 'wb') as f:
        f.write(audio_data)
Confidence
91% confidence
Finding
audio_data = requests.get(audio_url).content

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documentation describes capabilities that require environment variable access, network access, file writing, and shell/FFmpeg execution, yet no permissions are declared. This creates a transparency and consent problem: users or hosting platforms may not realize the skill can exfiltrate prompts or media to external services and invoke local tooling, increasing the risk of unintended data exposure or unsafe execution.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README instructs users to configure an API key and send prompts, images, video, and voice content to external AI services, but it does not warn that this data will be transmitted off-host to a third party. This can lead users to unknowingly upload sensitive text or media, creating privacy, confidentiality, and compliance risks, especially in enterprise or regulated environments.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill sends user prompts, narration text, and potentially images or generated media to SkillBoss API Hub, but the description does not clearly warn users that their content leaves the local environment. In a media-generation workflow, prompts and uploaded assets may contain sensitive or proprietary information, so omission of this disclosure can lead to inadvertent third-party data exposure.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The provided voiceover text is transmitted to an external TTS service with no explicit disclosure or consent mechanism in the tool. In an end-to-end video-generation skill, prompts may contain sensitive or proprietary data, so undisclosed outbound transmission increases privacy and compliance risk.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
User-supplied prompts and optional voiceover text are transmitted to a third-party API, but the CLI does not clearly warn users that their content leaves the local environment. In a content-generation skill, users may provide sensitive or proprietary text, so lack of disclosure creates a real privacy and data-handling risk.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
pillow>=10.0.0
python-dotenv>=1.0.0
Confidence
98% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
pillow>=10.0.0
python-dotenv>=1.0.0
Confidence
98% confidence
Finding
pillow>=10.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
pillow>=10.0.0
python-dotenv>=1.0.0
Confidence
95% confidence
Finding
python-dotenv>=1.0.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
91% confidence
Finding
requests

Known Vulnerable Dependency: pillow — 10 advisory(ies): CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more

Critical
Category
Supply Chain
Confidence
95% confidence
Finding
pillow

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
77% confidence
Finding
python-dotenv

VirusTotal

65/65 vendors flagged this skill as clean.