ClawHub

jimeng-openclaw-video

Security checks across malware telemetry and agentic risk

Overview

The skill appears to generate videos as advertised, but it uses local credentials and broad system actions that users should review before installing.

Install only if you are comfortable with this skill reading your OpenClaw API-key config, sending prompts to the Wanjie/Jimeng service, running a detached Python worker, installing requests if absent, writing prompts/results to plaintext local files, and automatically opening returned video links. Review or modify the code first if you need explicit credential selection, pinned dependencies, no automatic URL opening, or tighter logging controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
if system == 'Windows':
            os.startfile(url)
        elif system == 'Darwin':
            subprocess.Popen(['open', url])
        else:
            subprocess.Popen(['xdg-open', url])
    except Exception as e:
Confidence
96% confidence
Finding
subprocess.Popen(['open', url])

subprocess module call

Medium
Category
Dangerous Code Execution
Content
elif system == 'Darwin':
            subprocess.Popen(['open', url])
        else:
            subprocess.Popen(['xdg-open', url])
    except Exception as e:
        log_exc("[!] 打开URL失败", e)
Confidence
96% confidence
Finding
subprocess.Popen(['xdg-open', url])

subprocess module call

Medium
Category
Dangerous Code Execution
Content
try:
        importlib.import_module("requests")
    except ImportError:
        subprocess.check_call([sys.executable, "-m", "pip", "install", "requests"])

def trigger_jimeng_generation(prompt, model="jimeng_t2v_v30"):
    ensure_dependencies()
Confidence
90% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "requests"])

subprocess module call

Medium
Category
Dangerous Code Execution
Content
if platform.system() == 'Windows':
        with open(os.devnull, 'w') as devnull:
            subprocess.Popen(cmd, stdout=devnull, stderr=devnull, creationflags=subprocess.CREATE_NEW_PROCESS_GROUP)
    else:
        with open(os.devnull, 'w') as devnull:
            subprocess.Popen(cmd, stdout=devnull, stderr=devnull, start_new_session=True)
Confidence
83% confidence
Finding
subprocess.Popen(cmd, stdout=devnull, stderr=devnull, creationflags=subprocess.CREATE_NEW_PROCESS_GROUP)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
subprocess.Popen(cmd, stdout=devnull, stderr=devnull, creationflags=subprocess.CREATE_NEW_PROCESS_GROUP)
    else:
        with open(os.devnull, 'w') as devnull:
            subprocess.Popen(cmd, stdout=devnull, stderr=devnull, start_new_session=True)
        
    return f"[*] 即梦生成任务已提交: {prompt},请在聊天窗口耐心等待结果通知。"
Confidence
83% confidence
Finding
subprocess.Popen(cmd, stdout=devnull, stderr=devnull, start_new_session=True)

Tainted flow: 'url' from requests.post (line 85, network input) → subprocess.Popen (code execution)

Critical
Category
Data Flow
Content
if system == 'Windows':
            os.startfile(url)
        elif system == 'Darwin':
            subprocess.Popen(['open', url])
        else:
            subprocess.Popen(['xdg-open', url])
    except Exception as e:
Confidence
99% confidence
Finding
subprocess.Popen(['open', url])

Tainted flow: 'url' from requests.post (line 85, network input) → subprocess.Popen (code execution)

Critical
Category
Data Flow
Content
elif system == 'Darwin':
            subprocess.Popen(['open', url])
        else:
            subprocess.Popen(['xdg-open', url])
    except Exception as e:
        log_exc("[!] 打开URL失败", e)
Confidence
99% confidence
Finding
subprocess.Popen(['xdg-open', url])

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
This file both installs dependencies at runtime and launches a detached worker process, a combination that gives the skill the ability to modify its environment and execute additional code out of band. Those capabilities materially expand the attack surface and can enable unauthorized code execution, persistence, or evasion of normal supervision, especially since no metadata or clear purpose is provided to justify them. The missing context makes this behavior more suspicious, not less.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The worker silently reads an API key from a local config file and transmits user prompt content to an external third-party service with only internal logging. While sending prompts to a remote model/video service may be intended, the lack of explicit user-facing disclosure or consent is a real privacy and secret-handling concern in an agent environment, especially if prompts can contain sensitive user data. The danger is contextual rather than exploit-style code execution, but it is still a meaningful security issue.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal