jiege-openclaw-video

Security checks across malware telemetry and agentic risk

Overview

This video-generation skill mostly does what it claims, but it needs Review because it uses a local API key with a hard-coded third-party service and automatically opens returned links with limited user control.

Install only if you are comfortable with a background Python process sending your video prompt and a local OpenClaw API key to WanjieData. Use a dedicated limited-scope key if possible, avoid sensitive prompt content, and expect that completion may automatically open a browser page returned by the remote service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The skill spawns a detached local Python subprocess based on user input, which expands the execution surface beyond normal message handling and makes the action hard to monitor or control. Although `spawn` is used with argument separation rather than a shell, the background process can still consume local resources, invoke additional logic in `veo_worker.py`, and continue running outside the agent lifecycle.

Missing User Warnings

Low
Confidence: 89%
Finding
The README explicitly states that the skill will automatically open the system default browser after generation, which is a system-affecting action initiated without clearly documenting user confirmation or consent. In an agent skill context, unexpected browser launches can be abused to drive users to untrusted URLs, create confusion about what the skill is doing, or trigger additional local actions outside the chat flow.

Vague Triggers

Medium
Confidence: 81%
Finding
The trigger phrase is very broad and allows a natural-language request like '生成视频:...' to invoke backend processing without clear scope limits, confirmation, or safety boundaries. In a skill that automatically starts generation and opens a browser page, broad triggering increases the chance of unintended execution, prompt abuse, or accidental invocation from ordinary conversation.

Missing User Warnings

Low
Confidence: 86%
Finding
The skill states that it will automatically pop open a browser result page, but the description does not clearly warn the user before use that local UI behavior will be triggered. This can surprise users, disrupt workflows, and create a social-engineering or phishing-adjacent risk if browser-opened content is trusted merely because the skill launched it.

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill starts a background subprocess without prior disclosure, consent flow, or visible indication of local code execution. In an agent context, silent process creation reduces user awareness and impairs oversight, making abuse, persistence, or unexpected resource consumption more dangerous if the worker script later changes or handles unsafe inputs.

Missing User Warnings

Medium
Confidence: 84%
Finding
The script silently reads an API key from a user-specific configuration file without informing the user at runtime. In an agent skill context, this is risky because it accesses sensitive credentials implicitly, making unauthorized or unexpected third-party use of the key easier and reducing informed consent.

Missing User Warnings

Medium
Confidence: 93%
Finding
The script sends user prompt content and an authorization bearer token to an external service without any explicit disclosure, confirmation, or data handling notice. In a skill environment, this is dangerous because prompts may contain sensitive user data, and the code exfiltrates both content and credentials to a remote endpoint outside the local trust boundary.

Missing User Warnings

Medium
Confidence: 97%
Finding
The script automatically opens a URL returned by a remote service using os.startfile without validating the scheme, domain, or content, and without user confirmation. This can expose users to phishing, drive-by downloads, or invocation of unexpected local handlers if a malicious or compromised service returns a dangerous URL.

VirusTotal

62/62 vendors flagged this skill as clean.
