jimeng-openclaw-video

Security checks across malware telemetry and agentic risk

Overview

This skill appears to generate videos as advertised, but it reads a broad local OpenClaw API key and sends it to a third-party service in a way users should review first.

Install only if you are comfortable with the skill using an OpenClaw API key to call the Wanjie/Jimeng service and potentially consuming quota or incurring charges. Prefer a dedicated provider key for this service, confirm it is the key this skill will read, avoid sensitive prompts, and expect local logs/results plus a possible first-run pip install.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    try:
        importlib.import_module("requests")
    except ImportError:
        subprocess.check_call([sys.executable, "-m", "pip", "install", "requests"])

def trigger_jimeng_generation(prompt, model="jimeng_t2v_v30"):
    ensure_dependencies()
Confidence
91% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "requests"])

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The script silently reads an API key from the user's ~/.openclaw/openclaw.json file and uses it to authenticate to a third-party service. Accessing local credentials without clear disclosure or explicit consent is dangerous because it can cause unintended credential use and creates a hidden trust boundary crossing from local secrets to remote network operations.

Missing User Warnings

Low
Confidence
92% confidence
Finding
The README explicitly states that operation logs and generation results are written to local files, but it does not clearly warn that prompts, task metadata, and generated video URLs may persist on disk. This creates a real privacy and data-handling issue because users may unknowingly leave sensitive prompts or output links in plaintext files on shared or monitored systems.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README says user prompts are sent to the Jimeng API via a third-party MaaS platform, but it does not clearly disclose the privacy implications of transmitting user content off-box. This is a genuine security/privacy issue because users may submit sensitive or regulated content without understanding that it leaves the local environment and is subject to the provider's handling, retention, and logging policies.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The skill documentation explicitly states that results are written to a local file (`veo_result.txt`) but does not warn the user about this side effect or describe where data will be stored and whether prompts or outputs may persist on disk. While this is not inherently malicious, silent file writes can create privacy, data handling, and workspace integrity concerns, especially in shared or automated environments.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code reads a local API key without any user-facing notice, making secret consumption implicit and non-transparent. In an agent skill context, this is especially risky because users may not expect the skill to access stored credentials and use them on their behalf.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
User-supplied prompt content is transmitted to an external endpoint with no visible disclosure, sanitization, or consent flow. In a skill environment, prompts may contain sensitive or proprietary data, so silent exfiltration to a third-party API increases privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Automatically installing dependencies during execution without warning or confirmation is unsafe because it performs network-enabled package installation as a side effect of normal use. In a skill context, this increases risk by executing external code unexpectedly and bypassing normal deployment review and dependency governance.

VirusTotal

67/67 vendors flagged this skill as clean.
