Zopia

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Zopia video-creation skill that uses a Zopia access key to create projects, send prompts, poll results, and download generated media.

Install only if you are comfortable sending your prompts, project names, and generated project data to Zopia. Treat ZOPIA_ACCESS_KEY like an account credential, verify the ZOPIA_BASE_URL before use, run downloads in a directory where generated media files are expected, and double-check episode IDs before deletion because deletion is irreversible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 95%
Finding: The skill declares required environment variables and clearly relies on outbound network access to zopia.ai, yet no explicit permissions model is declared. That creates a governance gap: a user or platform may not realize the skill can exfiltrate prompts, metadata, and downloaded asset references to an external service using a sensitive API key. In this context, the capability is expected for the product, but the lack of a transparent permission declaration is still a real security issue.

Missing User Warnings

Medium
Confidence: 86%
Finding: The README states that the skill will automatically download generated results, but it does not clearly warn users that local files will be written or where those files will be stored. In an agent-driven environment, implicit file writes can surprise users, overwrite existing data, or place untrusted remote content onto disk without explicit consent.

Missing User Warnings

Medium
Confidence: 88%
Finding: The README instructs users to configure an access key and use a remote platform, but it does not disclose that prompts, images, scripts, and other project data may be transmitted to an external service. For a video-creation workflow, users may upload sensitive creative assets or personal data, so the missing privacy and data-transfer warning materially increases risk.

Vague Triggers

High
Confidence: 96%
Finding: The trigger text is extremely broad and says the skill 'must' activate for any systematic AI video-creation workflow. Over-broad invocation can cause the assistant to route unrelated or ambiguous creative requests into an external service, sending user content, project names, and prompts off-platform without clear necessity or consent. Because this skill performs networked actions and can create projects and download assets, over-triggering materially increases privacy and action-execution risk.

Missing User Warnings

Medium
Confidence: 93%
Finding: The documentation instructs the agent to automatically download generated assets to local storage after completion, without an explicit opt-in or warning. Automatic file writes can surprise users, consume disk space, place sensitive or policy-violating media on the host, and create persistence artifacts even when the user only intended to preview results. In a skill that handles externally generated media, that increases both privacy and operational risk.

Missing User Warnings

Medium
Confidence: 88%
Finding: The skill documents irreversible episode deletion but does not define a mandatory confirmation or safeguard workflow. If exposed through agent actions, ambiguous or mistaken user commands could permanently delete project content with no recovery path. The creative-project context makes destructive mistakes particularly costly because generated scripts, characters, and storyboards may represent significant work or paid compute.

VirusTotal

66/66 vendors flagged this skill as clean.