Clips Machine

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local video-clipping skill that downloads or processes user-supplied videos and saves generated clips and transcripts locally.

Install only if you are comfortable running ffmpeg, yt-dlp, and whisper-cpp locally and saving generated media artifacts under the OpenClaw videos output folder. Avoid using it on confidential, regulated, or copyrighted videos unless local transcript and clip retention is acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Behavioral ASTexec() Call, eval() Call, Dynamic Import
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (5)

subprocess module call

Medium

Category: Dangerous Code Execution
Content: whisper_cmd = str(whisper_cpp_dir / "main") whisper_model = str(whisper_cpp_dir / "models" / "ggml-base.en.bin") subprocess.run([ whisper_cmd, "-m", whisper_model, "-f", audio_path, "-oj", "-of", output_base ], capture_output=True)
Confidence: 88% confidence
Finding: subprocess.run([ whisper_cmd, "-m", whisper_model, "-f", audio_path, "-oj", "-of", output_base ], capture_output=True)

subprocess module call

Medium

Category: Dangerous Code Execution
Content: whisper_cmd = "whisper-cpp" whisper_model = "/usr/local/share/whisper-cpp/models/ggml-base.en.bin" if subprocess.run(["which", whisper_cmd], capture_output=True).returncode != 0: whisper_cpp_dir = Path.home() / ".whisper-cpp" whisper_cmd = str(whisper_cpp_dir / "main") whisper_model = str(whisper_cpp_dir / "models" / "ggml-base.en.bin")
Confidence: 84% confidence
Finding: if subprocess.run(["which", whisper_cmd], capture_output=True).returncode != 0:

Lp3

Medium

Category: MCP Least Privilege
Confidence: 95% confidence
Finding: The skill advertises and requires capabilities that imply shell execution, network access, environment use, and local file writes, but it does not declare permissions for them. That creates a transparency and consent problem: users may invoke a seemingly simple media skill without being clearly warned that it will download remote content, execute external binaries, and write multiple artifacts locally.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 92% confidence
Finding: The documented behavior materially understates what the skill does by claiming to be self-contained and to use no external modules while depending on external binaries and downloading media from third-party platforms. Misleading descriptions reduce informed consent and can cause users to expose themselves to unexpected network activity, third-party content handling, and additional local artifact generation.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill encourages users to pass remote URLs but does not prominently warn that this will fetch third-party media, analyze it, and create local files containing derived content such as transcripts and summaries. This omission can surprise users, create privacy/copyright/compliance issues, and lead to unintended storage of sensitive or regulated media-derived data on disk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal