TikTok Creator Pipeline

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does what it advertises, but its CPU transcription path can launch an unsafe background shell command from user-controlled paths.

Install only if you trust TikHub and are comfortable using an API key for scraping and paid downloads. Use an isolated environment, limit API-key exposure, avoid command-line key history where possible, get authorization before collecting profile/follower/comment data, and avoid the CPU/background Whisper path until the shell command is fixed or run with tightly controlled file paths.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (10)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
        log_file = f"/tmp/whisper_{os.path.basename(audio_path)}.log"
        nohup_cmd = f"nohup {' '.join(cmd)} > {log_file} 2>&1 &"
        print(f"🚀 Whisper 后台转写启动,日志: {log_file}")
        subprocess.run(nohup_cmd, shell=True)
        print(f"📝 文字稿将保存到: {output_path}")
        print(f"⏱️  medium 模型 CPU 转写 1 分钟音频约需 1-2 分钟,请耐心等待")
        return output_path
Confidence
99% confidence
Finding
subprocess.run(nohup_cmd, shell=True)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill clearly describes capabilities that involve network access, shelling out to ffmpeg, and writing downloaded/transcribed files, yet it declares no permissions. This mismatch weakens user and platform visibility into what the skill can do and can enable unexpected data collection, downloads, or local file creation when the skill is invoked.

Context-Inappropriate Capability

High
Confidence
94% confidence
Finding
Launching nohup background jobs creates persistent local process-spawning behavior that is not necessary for safe API use and can outlive the agent session. In this skill, that persistence combines with shell=True command construction, making misuse and unauthorized long-running execution materially more dangerous.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The activation text is broad and tied to generic scraping-related requests across multiple platforms, increasing the chance the skill auto-triggers in contexts the user did not intend. Because the skill supports collecting comments, user info, follower data, and downloads, overly broad routing can lead to privacy-invasive or policy-sensitive actions being suggested or performed too easily.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill promotes scraping user information, comments, and follower lists without any warning about privacy, consent, platform Terms of Service, or downstream handling of personal data. In this context, the omission is significant because the advertised use cases directly involve potentially sensitive personal information at scale.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
openai-whisper
mlx-whisper
ffmpeg
Confidence
95% confidence
Finding
requests

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
openai-whisper
mlx-whisper
ffmpeg
Confidence
92% confidence
Finding
openai-whisper

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
openai-whisper
mlx-whisper
ffmpeg
Confidence
92% confidence
Finding
mlx-whisper

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
openai-whisper
mlx-whisper
ffmpeg
Confidence
88% confidence
Finding
ffmpeg

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
97% confidence
Finding
requests

VirusTotal

64/64 vendors flagged this skill as clean.
