Security audit

MGTV

Security checks across malware telemetry and agentic risk

Overview

This MGTV skill mostly matches its stated purpose, but it can open arbitrary user-supplied URLs in the system browser without restricting them to MGTV.

Review before installing. Use it only if you are comfortable with automatic browser launches, and avoid passing untrusted links to --direct-url. The publisher should restrict direct-url to HTTPS MGTV domains and add confirmation or clearer scoping for broad natural-language requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The script exposes a --direct-url parameter and later opens the supplied value in the system browser, which exceeds the declared purpose of only searching and playing MGTV content. In an agent context, this can be abused to turn the skill into a generic URL launcher, enabling phishing or navigation to attacker-controlled sites under the trust of the skill.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The direct-url path resolves to parseMgtvUrl(params.directUrl) || params.directUrl, meaning any caller-provided URL is accepted if it is not transformed into an MGTV URL, and openInBrowser then launches it. In a skill intended for MGTV search/playback, this broad browser-launch capability is dangerous because it can redirect users to arbitrary external content, including credential-harvesting or malware-delivery pages.

Missing User Warnings

Low
Confidence: 88%
Finding
The README prominently advertises that the skill will 'automatically play' content in the system browser, but it does not clearly and explicitly warn users that invoking the skill may launch an external website and create a browser session. This is a genuine safety/usability issue because automatic opening of external URLs can surprise users, trigger unintended browsing activity, and reduce informed consent, even though the target domain appears to be the legitimate MGTV service.

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger examples are broad enough that common user requests like wanting to watch a show or find content could match unintentionally, causing this skill to activate when the user did not specifically intend to use MGTV. In context, the action opens external URLs in the system browser, so misrouting can lead to unwanted browsing actions, privacy leakage through search queries, or phishing exposure if other inputs are later passed through as URLs.

Missing User Warnings

Low
Confidence: 90%
Finding
The summary explicitly states the skill will automatically open MGTV pages in the system browser, but it does not mention a confirmation step or clear warning before launching an external site. Even though this is the stated functionality, unexpected browser launches can cause user confusion, facilitate social engineering, or open untrusted URLs if search results or direct URLs are manipulated.

Vague Triggers

Medium
Confidence: 86%
Finding
The documented trigger conditions include very generic phrases such as '我想看...', '播放...', and '帮我找...', which can overlap with normal conversation and cause the skill to activate when the user did not specifically intend to use MGTV. In an agent environment, unintended activation can lead to surprise browser launches and external navigation, which creates a real safety and UX risk even though it is not inherently malicious.

Missing User Warnings

Low
Confidence: 90%
Finding
The usage documentation states that the skill will open search or playback pages in the system browser, but it does not clearly require an explicit user confirmation or warn about external navigation side effects. This can cause unexpected browser actions and trust boundary crossing from the assistant into the local desktop environment, especially when paired with broad triggers.

VirusTotal

66/66 vendors flagged this skill as clean.