ClawdBites

Security checks across malware telemetry and agentic risk

Overview

This skill processes public Instagram reels to extract recipes, with disclosed local media tools and optional recipe saving, but users should understand it may download, transcribe, and visually analyze reel content.

Install only if you are comfortable with local media-processing tools and a pip-installed Whisper dependency. Use it with public reels you intend to process; if frame analysis runs, images from the reel may be analyzed by the agent's vision model. Only choose wishlist or notes actions for recipes you want saved persistently.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The manifest advertises caption extraction, but the skill actually instructs the agent to download the reel, transcribe audio, inspect frames, and potentially send frames to a vision model. That scope expansion matters because users may consent to text parsing but not to broader media processing, creating a transparency and authorization gap.

Missing User Warnings

Low

Confidence: 68% confidence
Finding: The README says the skill may automatically transcribe audio and analyze video frames from Instagram reels, but it does not disclose that media content will be downloaded and processed locally. In a user-facing agent context, this can create an informed-consent and privacy problem because users may expect caption-only extraction while the skill performs broader media analysis.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill directs automatic frame extraction and submission to a vision model without a clear upfront warning or consent step. Even if the reel is public, frames can contain people, homes, usernames, or other incidental sensitive content, so transmitting them to another model/service without notice creates a privacy and data-handling risk.

Missing User Warnings

Low

Confidence: 84% confidence
Finding: The skill offers actions like adding a recipe to a wishlist stored in a local JSON file, but the description does not clearly warn users that selecting this action writes persistent data to local storage. This can surprise users, especially on shared systems or where local files may later be indexed, synced, or exposed to other tools.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal