Video Pipeline Bundle

Security checks across malware telemetry and agentic risk

Overview

This looks like a real video-processing skill, but it needs review because it can change the local Python environment, send video-derived data or filenames externally, and modify original files.

Install only after reviewing the scripts and running them in an isolated environment. Avoid confidential videos unless you are comfortable sending transcripts to the selected LLM provider, verify or unset OPENCLAW_TARGET before processing sensitive filenames, and back up originals because the clipping script renames source files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
cmd = ["ffmpeg", "-i", video_path, "-vf", f"subtitles='{subtitle_path}'", "-c:a", "copy", "-y", output_path]
        
        process = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True)
        for line in process.stderr:
            print(line, end='')
Confidence
85% confidence
Finding
process = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
if result.returncode != 0:
        print("📦 正在安装 auto-editor...")
        try:
            subprocess.run([sys.executable, "-m", "pip", "install", "auto-editor", "--break-system-packages"], 
                         capture_output=True)
            print("  ✅ auto-editor 安装完成")
        except Exception as e:
Confidence
98% confidence
Finding
subprocess.run([sys.executable, "-m", "pip", "install", "auto-editor", "--break-system-packages"], capture_output=True)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
except ImportError:
            print(f"  📦 正在安装 {dep}...")
            try:
                subprocess.run([sys.executable, "-m", "pip", "install", dep, "--break-system-packages"], 
                           capture_output=True)
                print(f"  ✅ {dep} 安装完成")
            except Exception as e:
Confidence
92% confidence
Finding
subprocess.run([sys.executable, "-m", "pip", "install", dep, "--break-system-packages"], capture_output=True)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The documentation contains materially conflicting security guidance about `--install-deps`: earlier sections say it will automatically install packages, while the safety section claims it only prints commands and does not auto-execute. In a skill that invokes package installation, this inconsistency can mislead users into running code with greater side effects than expected, increasing the risk of unintended package installation or environment modification.

Intent-Code Divergence

Low
Confidence
82% confidence
Finding
The notification behavior is documented inconsistently: one section says notifications are disabled by default, while another suggests passing `--notify false` to disable them. For a feature that may send filenames or workflow progress to an external target, ambiguity about the default can cause accidental data disclosure if users assume no outbound messaging occurs.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The script includes outbound Feishu/OpenClaw messaging that is not part of the core documented video-processing functionality. In an agent skill context, hidden or under-disclosed external communications increase the risk of metadata leakage, unexpected side effects, and abuse for signaling or exfiltration.

Intent-Code Divergence

Medium
Confidence
99% confidence
Finding
The function claims to check dependencies but silently installs software and modifies the system Python environment. In an agent-skill context, hidden installation behavior is dangerous because it expands the trust boundary, changes host state unexpectedly, and may fetch unreviewed third-party code during execution.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script sends video filenames, processing status, and progress updates to an external Feishu channel without any explicit disclosure, confirmation, or minimization. In this context, filenames may contain sensitive project names, client names, or personal data, so automatic outbound messaging creates a real confidentiality risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill can send status messages to an external Feishu target without prominently disclosing that networked notification behavior in its stated purpose. In a security review of agent skills, undisclosed outbound communication is meaningful because it can leak filenames, processing status, and workflow metadata outside the local environment.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The send function forwards status messages to an external Feishu channel when --target or OPENCLAW_TARGET is set, but the script does not provide a strong explicit warning that filenames, paths, and workflow status may leave the local system. In this context, messages include user-controlled strings such as paths and file names, which can disclose sensitive project metadata to a third-party destination.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script sends filenames, task progress, and input/output paths to an external messaging target, with notification enabled by default and little explicit disclosure. In a skill context, this creates a real confidentiality risk because local media names and directory structures often contain sensitive personal or business information.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
After successful processing, the script renames the original source files in place without a prominent warning or a separate confirmation flag. In an automated skill setting, unexpected mutation of user data is security-relevant because it can disrupt workflows, break references, and cause accidental data handling or retention issues.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script sends full transcript text derived from local video/audio content to external LLM providers without an explicit opt-in, warning, or data-classification check. In many environments, transcripts may contain sensitive business, personal, or regulated information, so silent transmission to third parties is a real confidentiality risk.

VirusTotal

66/66 vendors flagged this skill as clean.
