Video Pipeline

Security checks across malware telemetry and agentic risk

Overview

This video-generation skill is mostly purpose-aligned, but it needs review because it uses sensitive credentials, sends content to external AI/TTS services, mutates local project files, and includes an exposed fallback API key and unsafe dependency declarations.

Install only if you are comfortable sending prompts, outlines, narration, and TTS text to third-party services and running it inside a dedicated Remotion project. Review and remove the hardcoded DashScope fallback key, pin or clean dependencies, use your own credential file, and keep the project under version control so Root.tsx and generated files can be reviewed or reverted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (21)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    print(f"  CMD: {' '.join(cmd)}")
    t0 = time.time()
    # shell=True needed on Windows so npx.cmd can be found
    result = subprocess.run(' '.join(cmd), cwd=str(PROJECT_DIR), shell=True)
    elapsed = time.time() - t0

    if result.returncode != 0:
Confidence
99% confidence
Finding
result = subprocess.run(' '.join(cmd), cwd=str(PROJECT_DIR), shell=True)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The script reads a local credential file from the user's home directory and uses the recovered API key to make outbound requests to DashScope. Although this is functionally related to AI narration generation, it still creates a real secret-access and data-egress path without explicit user consent, scope restriction, or trust validation of the destination URL.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The pipeline reads API credentials from a sensitive file under the user's home directory and silently sends prompt content to an external LLM service. In a skill context, this is risky because it performs credential use and third-party data transmission without any explicit consent, visibility, or controls over what user/project data may be exposed.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
This section introduces shell-based command execution for rendering, which is unnecessary for the documented workflow and materially increases risk. In this skill, the command incorporates values derived from user input and generated filenames, making the shell invocation significantly more dangerous than ordinary orchestration.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases are very generic ('生成视频', '做视频', '短视频', '行业视频') and could match many ordinary user requests unrelated to this specific pipeline. That can cause unintended invocation of a skill that performs multi-step generation, external API use, and local file/rendering operations without the user clearly opting into those actions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The usage and workflow describe sending content to DashScope and Edge-TTS and performing cache cleanup, file generation, and rendering, but do not warn users that their prompts/scripts may be transmitted to third-party services or that local files may be modified/deleted. This creates a consent and data-handling risk, especially if users provide sensitive business content or run the skill in directories containing important files.

Missing User Warnings

High
Confidence
99% confidence
Finding
The script contains a hardcoded fallback DashScope API key, which is a credential exposure issue. Anyone with access to the code can reuse the key for unauthorized API calls, causing billing abuse, service misuse, and possible compromise of data sent under that account.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The function sends full narration text to an external LLM service without clear user consent or warning, which can expose proprietary, personal, or otherwise sensitive content to a third party. In this skill context, narration files may contain internal course material or confidential scripts, making unintended data exfiltration more concerning.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The code accesses a sensitive credential file in the user's home directory without any user-facing warning, confirmation, or least-privilege control. In an agent-skill context, undisclosed secret access is risky because users may not expect local credentials to be harvested for use by the skill.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The outline content is embedded into the prompt and transmitted to an external API, but the script gives no upfront disclosure that local project content may leave the environment. If outlines contain proprietary lesson material, customer data, or internal business information, this causes unintended third-party disclosure.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script transmits user-supplied course topic, industry, and audience data to an external DashScope API, but the code and nearby comments do not clearly warn the operator that this content leaves the local environment. That creates a privacy and data-governance risk, especially if users provide sensitive business, medical, or proprietary course material assuming processing is local.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code accesses a local credential file and sends data to an external API without any explicit user notice or consent flow. Even if intended for legitimate LLM use, silent secret consumption and outbound transmission can violate user expectations and leak sensitive prompts or project details.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The pipeline writes generated source files into the project tree without warning that existing files may be created or overwritten. In an automation skill, unexpected source modification can corrupt a repository, introduce unreviewed code, or cause downstream execution of generated content.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code edits an existing Root.tsx file in place, changing application source registration automatically. This is dangerous because it mutates trusted project code without review, potentially breaking builds or wiring in generated components that were never inspected.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The pipeline copies the rendered file to a Desktop folder without prior notice, causing an unexpected write outside the main project output directory. While lower severity, unannounced writes to user-visible locations can leak sensitive content, clutter the environment, or violate least-surprise expectations.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
When --fix is supplied, the script rewrites project files immediately, including durations.json and the Composition source, with no confirmation, dry-run, backup, or atomic write safeguards. In a build/pipeline context this can unintentionally destroy local changes or corrupt generated sources if pointed at the wrong project path, making integrity loss the main risk.

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Python dependencies for video pipeline
edge-tts>=6.0.0
requests>=2.25.0
dashscope>=1.13.0
mutagen>=1.45.0
Confidence
88% confidence
Finding
edge-tts>=6.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Python dependencies for video pipeline
edge-tts>=6.0.0
requests>=2.25.0
dashscope>=1.13.0
mutagen>=1.45.0
asyncio
Confidence
95% confidence
Finding
requests>=2.25.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Python dependencies for video pipeline
edge-tts>=6.0.0
requests>=2.25.0
dashscope>=1.13.0
mutagen>=1.45.0
asyncio
pathlib
Confidence
87% confidence
Finding
dashscope>=1.13.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
edge-tts>=6.0.0
requests>=2.25.0
dashscope>=1.13.0
mutagen>=1.45.0
asyncio
pathlib
argparse
Confidence
86% confidence
Finding
mutagen>=1.45.0

Known Vulnerable Dependency: requests — 10 advisories: CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
98% confidence
Finding
requests

VirusTotal

VirusTotal findings are pending for this skill version.