Baidu AI Cloud VOD Video Translation (百度智能云VOD视频翻译)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Baidu VOD video-translation skill, but it can upload private media, use Baidu Netdisk, and delete remote projects with limited built-in safeguards.

Install only if you are comfortable providing Baidu VOD credentials and sending selected videos, subtitles, and metadata to Baidu cloud services. Confirm exact file paths, output locations, and any Baidu Netdisk upload or download before running. Be especially careful with project deletion and task-update commands because they can change or remove remote Baidu VOD resources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability (Medium, 92% confidence)

The skill includes a separate operational capability to interact with Baidu Netdisk via an external CLI, which goes beyond pure translation API usage and enables local file movement and remote storage access. In an agent context, this broadens the attack surface and could be abused to pull or push files without the user fully appreciating that an external tool with their account context is being used.

Vague Triggers (Medium, 84% confidence)

The trigger conditions are broad phrases such as '视频翻译' and '翻译视频' (both meaning 'video translation'), together with general task-management language, which can cause the skill to activate in ambiguous conversations. In this context, mis-triggering is risky because the skill may then ask for local paths, scan directories, or prepare cloud-processing actions for sensitive media that the user did not intend to submit to this tool.

Missing User Warnings (Medium, 94% confidence)

The skill processes videos through Baidu VOD and supports upload/download to cloud or netdisk, but the description and early workflow do not prominently warn users that local media and subtitles may be transmitted to third-party cloud services using cloud credentials. For potentially sensitive videos, this can create significant privacy, compliance, and data-handling risk if the user believes processing is purely local.

Missing User Warnings (Medium, 94% confidence)

This code uploads a local video file to a remote URL without any user-facing disclosure except in debug mode. In an agent skill handling user media, silent external transmission is dangerous because it can expose sensitive content or cause the user to misunderstand where their data is being sent.

Missing User Warnings (Medium, 95% confidence)

The function performs destructive deletion of translation projects through the remote API with no confirmation guardrail or visible disclosure. In an agent workflow, that can lead to accidental or prompt-induced data loss affecting user assets and project history.

Missing User Warnings (Medium, 94% confidence)

This netdisk download writes remote content to a local path without non-debug disclosure or confirmation. That is risky in an agent environment because it silently changes the local filesystem and may overwrite files or materialize untrusted content on disk.

Missing User Warnings (Medium, 95% confidence)

This function uploads a local file to netdisk without user-facing disclosure outside debug mode. Silent exfiltration of local files is a meaningful security and privacy risk, especially for an agent with access to user-selected or batch-processed media.

Missing User Warnings (Medium, 91% confidence)

Downloaded result content is written directly to disk without visible disclosure except in debug mode. In an agent setting, silent writes can surprise users, overwrite expected outputs, or persist potentially sensitive/unsafe content locally.

VirusTotal

67/67 vendors flagged this skill as clean.