wanjie-openclaw-video

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it claims, but it needs Review because it can use a global OpenClaw API key, start detached background work, install Python packages at runtime, and automatically open remote result links.

Install only if you are comfortable with this skill starting detached Python processes, using an API key from your global OpenClaw config, sending prompts to Wanjie's API, possibly installing requests at runtime, writing local log/result files, and opening generated links automatically. Prefer a skill-scoped API key and review whether any scheduled task or background monitor is created after installation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
Findings (11)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
if platform.system() == 'Windows':
    os.startfile(url)
elif platform.system() == 'Darwin':  # macOS
    subprocess.Popen(['open', url])
else:  # Linux
    subprocess.Popen(['xdg-open', url])
Confidence
91% confidence
Finding
subprocess.Popen(['open', url])

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    elif platform.system() == 'Darwin':  # macOS
        subprocess.Popen(['open', url])
    else:  # Linux
        subprocess.Popen(['xdg-open', url])

def is_process_running(pid):
    """Check whether the process with the given PID is running"""
Confidence
91% confidence
Finding
subprocess.Popen(['xdg-open', url])

subprocess module call

Medium
Category
Dangerous Code Execution
Content
        importlib.import_module("requests")
    except ImportError:
        print("[*] 正在安装缺失依赖: requests...")
        subprocess.check_call([sys.executable, "-m", "pip", "install", "requests"])

def trigger_veo_generation(prompt, model="veo3.1-fast", seconds=8):
    # Make sure the environment is ready before triggering
Confidence
93% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "requests"])

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill includes the capability to open URLs directly on the host system, and the URL is later sourced from streamed remote content. In a skill with no declared permissions or documented need for local application launching, this materially increases risk because remote content can cause unsolicited browser/app execution.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script reads an API key from a user home-directory configuration file without any visible permission or disclosure boundary. Accessing local credentials broadens the trust scope of the skill and can enable unauthorized use of another service account if the skill is invoked unexpectedly.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The skill auto-installs a Python package when imported functionality is missing, which changes the execution environment and may download and execute untrusted code from package infrastructure at runtime. Because the skill purpose is not dependency management and there is no integrity verification, this behavior is risky in a security-sensitive agent environment.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The code spawns a detached worker process and immediately returns success, which reduces visibility, weakens lifecycle control, and can leave background processes running outside normal supervision. In an agent setting, that makes auditing, resource control, and containment harder, especially because user-controlled inputs are passed through to another script whose behavior is not shown here.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly states that the skill may automatically download missing Python dependencies over the network and run background monitoring/restart behavior, but it does not clearly warn users about the resulting system changes, outbound network activity, or persistent execution. In an agent skill context, undocumented self-healing, polling, and auto-restart features increase the risk of unexpected package installation, long-running processes, and harder-to-audit behavior.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation phrase is extremely broad ('生成视频:[您的提示词]') and does not describe any confirmation, scoping, or explicit invocation boundary. In an agent environment, broad triggers can cause unintended activation from normal conversation text, leading to unauthorized task execution or resource consumption.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill describes persistent background monitoring, automatic dependency installation, file output, timeout cleanup, and creation of a Windows scheduled task without prominently warning the user about these system changes. Persistence plus autonomous execution materially increases risk because it can continue operating after the initial interaction, modify the host environment, and create opportunities for abuse or hard-to-notice unwanted behavior.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script silently loads a local API key and immediately uses it to send a prompt to an external service. This is dangerous because users may not realize their stored credentials are being reused or that their prompt data is being transmitted off-host under that credential.

VirusTotal

VirusTotal findings are pending for this skill version.
