FCPX Assistant

Security checks across malware telemetry and agentic risk

Overview

This video-production skill is mostly purpose-aligned, but it has unsafe command execution, broad automatic cleanup, and sensitive publishing credentials that users should review before installing.

Install only if you are comfortable auditing and running local shell scripts. Avoid publishing from the Web UI until command construction is fixed, keep project outputs in a dedicated empty directory, disable or avoid auto-cleanup, and treat copied platform cookies like passwords. Review every upload destination, title, description, tags, and account before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (16)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run_command(cmd, cwd=None, timeout=3600):
    """Run a command and return its output"""
    try:
        result = subprocess.run(
            cmd, shell=True, cwd=cwd,
            capture_output=True, timeout=timeout
        )
Confidence
99% confidence
Finding
result = subprocess.run(cmd, shell=True, cwd=cwd, capture_output=True, timeout=timeout)

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The cleanup routine deletes all .mp4 and .srt files in the output directory except the chosen output filename, regardless of whether those files were created by this run. In a video-production skill, users are especially likely to keep valuable media and subtitle assets in the same directory, so this can cause unintended destructive data loss well beyond temporary-file cleanup.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The header comments describe cleanup as removing intermediate and trial files, but the implementation later deletes broad classes of files from user directories. This mismatch is security-relevant because it misleads users and reviewers about destructive behavior, increasing the chance of accidental execution and data loss.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger list is extremely broad and overlaps with ordinary video-editing language, which increases the likelihood of accidental invocation. In a powerful shell-capable skill, overbroad activation can cause users to trigger file modifications, media downloads, or publishing-related workflows when they only intended to ask for generic advice.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill documents automatic publishing to third-party platforms but does not prominently warn that this may transmit user-generated media, metadata, and account-linked actions to external services. Because publication can be irreversible and may use authenticated tooling, insufficient disclosure materially increases the risk of accidental data leakage or unauthorized posting.

Missing User Warnings

Low
Confidence
78% confidence
Finding
The skill states that intermediate files are cleaned up automatically, but it does not warn users what will be deleted or whether deletion is reversible. In a media-production workflow with many generated artifacts, unclear cleanup behavior can lead to unintended loss of work product or evidence needed for troubleshooting.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The guide explicitly instructs users to copy browser cookies and store them in local JSON files for publishing workflows, but it does not clearly state that these cookies are equivalent to active session credentials. If these files are exposed through malware, backups, logs, sync services, or accidental commits, an attacker may be able to hijack the user's platform account and publish, modify, or access creator data without knowing the password.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The Douyin and Xiaohongshu instructions tell users to extract cookies from the browser developer tools and save them for automation, again without clearly warning that these values are live session tokens. Compromise of these tokens could allow unauthorized access to the user's creator accounts, including posting content or viewing/managing account data until the session expires or is revoked.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script transmits the user-supplied topic and generated prompt content to a third-party remote API without any explicit user-facing notice, consent step, or data-handling warning. In a content-production assistant, topics may contain unpublished campaign details, private business plans, or personal information, so silent outbound transmission creates a real confidentiality and privacy risk.

Missing User Warnings

High
Confidence
99% confidence
Finding
The script builds a shell command string from user-controlled inputs like `VIDEO`, `TITLE`, `DESCRIPTION`, `TAGS`, `COVER`, and `SCHEDULE`, then executes it with `eval`. Because shell metacharacters or quote-breaking content can be injected through these values, an attacker could achieve arbitrary command execution in the context of the user running the script.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script invokes ffmpeg with the -y flag for both segment generation and final output, which forces overwrite of existing files without confirmation. In a media-production assistant context where users may repeatedly run automation against valuable project assets, this can cause unintended data loss or destruction of prior outputs if the chosen output path already exists.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script can automatically upload the generated video and metadata to external platforms when --publish is supplied, but it does not present an explicit privacy/data-transmission warning or a final confirmation before sending content off-device. In this skill context, the pipeline collects topic text, generated script, media, and publish metadata, so accidental disclosure or unintended publication is plausible even if the behavior is part of the advertised functionality.

Missing User Warnings

High
Confidence
99% confidence
Finding
The script automatically deletes other MP4 and SRT files in the output directory without warning, confirmation, or proof that they belong to this run. In this skill's context, those file types are likely primary user assets, making the behavior particularly dangerous and likely to destroy unrelated project work.

Missing User Warnings

High
Confidence
98% confidence
Finding
The script recursively removes $PROJECT_DIR/voiceover when it differs from the provided voiceover directory, using trash or rm -rf. Because this directory may contain user-generated voice assets and the deletion is automatic and undisclosed, it creates a substantial risk of irreversible data loss.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script transmits user-supplied script text to the external edge-tts service, but it does not clearly warn users that their content leaves the local machine and may be processed by a third party. In a video-production workflow, users may paste unpublished scripts, confidential business content, or personal data, so silent exfiltration to a cloud service creates a real privacy and compliance risk.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The UI triggers automatic publishing to external platforms without any visible confirmation, warning, or disclosure that video files, titles, tags, and descriptions will be transmitted externally. In a media-production tool this increases the chance of unintended data disclosure or accidental publication of sensitive/private content.

VirusTotal

67/67 vendors flagged this skill as clean.
