Zopia Skills

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Zopia video-generation helper that uses a Zopia access key, calls Zopia APIs, and saves generated media locally as part of its expected workflow.

Install only if you intend to use Zopia for AI video/image creation. Keep ZOPIA_ACCESS_KEY private, expect your prompts and project IDs to be sent to Zopia, watch for credit-consuming generation or rendering, choose download locations carefully, and confirm exact episode IDs before any delete operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 92%
Finding
The README states the skill will automatically perform a full workflow after a user describes a creative request, and the metadata says it must trigger whenever a request involves AI-driven video creation. That makes invocation overly broad for a skill that creates remote projects and sends prompts externally, increasing the chance of accidental activation on ordinary brainstorming or creative-assistance requests.

Missing User Warnings

Medium
Confidence: 95%
Finding
The README promises automatic project creation, settings changes, API submission, progress polling, and result download, but does not warn that user content will be transmitted to an external service or that local files may be created or modified. In an agent context, lack of explicit disclosure and consent is dangerous because users may share sensitive prompts or be surprised by network and filesystem side effects.

Vague Triggers

High
Confidence: 94%
Finding
The trigger text is overly broad and uses mandatory language such as '都必须触发' ("must trigger in every case"), causing the skill to activate for a wide range of ordinary creative requests. Over-broad auto-invocation can route unrelated user content into a networked third-party workflow, increasing the chance of unintended data disclosure, surprising actions, and bypass of more appropriate tools.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill instructs automatic download of generated assets to local storage without a clear user warning or consent step for file writes. Silent local writes can consume disk space, create unexpected persistent artifacts, and store sensitive or copyrighted user content on the host system.

Missing User Warnings

Medium
Confidence: 95%
Finding
The document states that episode deletion is irreversible but does not require an explicit confirmation workflow before destructive action. In a project-oriented creative system, accidental or ambiguous invocation could permanently remove user work and associated assets, resulting in irreversible data loss.

VirusTotal

64/64 vendors flagged this skill as clean.
