Seisoai

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Seisoai media-generation gateway, but it needs review because it can spend via x402 and use identity-affecting media tools without enough explicit user-control and consent guidance.

Install only if you are comfortable giving the agent Seisoai API or wallet/payment authority. Require explicit approval before any paid x402 call, check pricing first, avoid sending secrets or sensitive media in prompts or URLs, and use face-swap or voice-clone workflows only with clear authorization from the person involved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill instructs agents to send API keys, media URLs, and other user-supplied content to a third-party service, but it does not warn that prompts, files, and externally hosted URLs may disclose sensitive data to that provider or to any URL endpoints referenced. In an agent setting, this omission can cause unintentional privacy leakage because the workflow normalizes transmission of credentials and user content without requiring consent or data-minimization checks.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documented face-swap and voice-cloning capabilities enable processing of biometric and identity-linked media, but the skill provides no warning about consent, impersonation, or sensitive-personal-data risks. In this context, omission is more dangerous because the skill is specifically a unified gateway for powerful media-generation tools, making misuse straightforward for deception, harassment, or unauthorized replica generation.

VirusTotal

66/66 vendors flagged this skill as clean.
