ClawHub

SiliconFlow Video Gen

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it advertises: generate videos through SiliconFlow using a user-provided SiliconFlow API key.

Install only if you intend to let this skill send prompts, image URLs, and your SiliconFlow API key to SiliconFlow. Prefer a dedicated SiliconFlow key with limited billing exposure, and review your OpenClaw config so the skill only has access to the credential you expect.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares access to environment variables and a local config file containing API credentials, and its documented usage invokes a Python script, but it does not declare explicit permissions for these capabilities. This creates a transparency and consent problem: users may provide or expose secrets without a clear permission boundary, and any downstream code using shell execution or file reads could access sensitive data beyond what the manifest communicates.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill reads credentials not only from its own environment variable but also from a broader OpenClaw configuration file under the user's home directory. This expands the trust boundary and lets the skill silently consume locally stored credentials beyond what a user may expect for a simple media-generation action.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script retrieves an API key and transmits it to an external service without any explicit user-facing disclosure at runtime that credentials from environment or local config will be used. In agent/skill contexts, silent credential use is security-relevant because users may not realize secrets will be accessed and sent off-host.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal