ClawHub

FCP Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed video-production helper that runs user-invoked media scripts, downloads stock footage, calls local TTS/ASR services, and writes media outputs as expected for its purpose.

Install only if you are comfortable running local shell scripts that download stock media, write or overwrite files in chosen project folders, and pass narration text or media paths to local Qwen services. Review output paths before reruns and use only trusted local TTS/ASR services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill advertises and demonstrates shell execution, media download, and project generation workflows, but the manifest declares no permissions. This creates a transparency and consent gap: users or orchestration layers may invoke a skill capable of writing files and running commands without an explicit permission boundary, increasing the chance of unintended execution or abuse.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list includes very broad phrases such as 'make video', 'voiceover', 'import media', and 'export', which are common in ordinary requests and can cause this high-impact automation skill to activate unexpectedly. Because the skill can run shell commands, download content, and automate Final Cut Pro, overbroad routing materially raises the risk of accidental invocation and unintended side effects.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The media collection workflow performs external network requests and downloads third-party media, but the description does not present this as a clear warning or consent point. In a skill that can fetch remote assets, omission of explicit notice can lead users to expose queries, API-backed activity, and local storage changes without realizing an external transfer will occur.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The auto-assembly and export workflow clearly creates, modifies, and outputs media artifacts, subtitles, metadata, and other project files, yet the skill description does not clearly warn users about automated file creation and modification. For an automation skill that invokes ffmpeg and project tooling, missing disclosure increases the risk of unintended overwrites, workspace pollution, or destructive changes when triggered accidentally.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script sends arbitrary user-provided narration text to a separate local HTTP service without clearly warning the user that their content leaves the shell process and is transmitted to another daemon. Even though the destination is localhost, this is still a service-boundary crossing that can expose sensitive script content to logging, retention, or compromise in the local TTS service.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal