Video Watermark Removal

Security checks across malware telemetry and agentic risk

Overview

The visible files do not show malware, but the skill asks users to run an unverified local binary and optional HTTP service that are not adequately scoped or documented.

Install only if you trust the publisher and can independently verify the parser binary source. Avoid private or token-bearing share links, and do not expose the optional HTTP service beyond localhost unless you understand and control its network access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill invokes shell scripts and native binaries but does not declare corresponding permissions or execution capabilities. Undeclared code execution increases audit difficulty and can expose users to unexpected local command execution, especially when handling untrusted URLs as input.

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The skill is presented primarily as a one-shot video parsing tool, but it also exposes persistent HTTP server functionality with a Web UI. Expanding from local parsing to a service changes the attack surface significantly, creating opportunities for unintended exposure, local network access, or unsafe request handling not disclosed in the stated purpose.

Intent-Code Divergence

Medium
Confidence
86% confidence
Finding
The README claims the tool is 'only local' and 'safe/reliable' because it uses a local executable, but later documents starting an HTTP service. That mismatch can mislead users into underestimating exposure, especially if the service binds beyond localhost or handles untrusted URLs and content.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README instructs users to start an HTTP service without any warning about who can reach it, what data it processes, or the risks of exposing a video-parsing endpoint. In this skill context, the service likely accepts attacker-controlled URLs, making undocumented network exposure more dangerous because it could enable abuse, unintended data access, or SSRF-like behavior depending on implementation.

Vague Triggers

Medium
Confidence
74% confidence
Finding
The trigger phrases are broad enough to match generic requests like downloading or parsing videos beyond the narrowly intended use case. Overbroad activation can cause the skill to run in contexts the user did not intend, potentially sending third-party links to local tooling or services without clear consent.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The skill asks users to submit third-party share links for processing but does not clearly warn that those links and associated metadata may be disclosed to local services, scripts, or remote platforms during resolution. This can surprise users and create privacy issues, especially when links contain identifiers, tracking parameters, or access-scoped tokens.

VirusTotal

64/64 vendors flagged this skill as clean.
