Youtube Factory

Security checks across malware telemetry and agentic risk

Overview

This is an ordinary video-generation skill whose external tools and services are what you would expect for the task, but its documentation overstates how self-contained it is.

Install only if you are comfortable using a Pexels API key, installing ffmpeg and the listed Python packages, and sending video topics, search phrases, and generated narration to external Pexels and Microsoft Edge TTS services. Avoid confidential or regulated prompts, and use a dedicated Pexels key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
with open(ass_file, "w") as f:
    f.write(content)
subprocess.run([
    "ffmpeg", "-y", "-i", video_path, "-vf", f"ass={ass_file}",
    "-c:v", "libx264", "-c:a", "copy", output_path
], capture_output=True)
Confidence
86% confidence
Finding
subprocess.run([ "ffmpeg", "-y", "-i", video_path, "-vf", f"ass={ass_file}", "-c:v", "libx264", "-c:a", "copy", output_path ], capture_output=True)
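The following Python is an added illustration of how a reviewer would reason about this finding; it is not code from the skill or from SkillSpector, and the function names, the fixed subtitle name "subs.ass" and the allow-list pattern are assumptions of the example. Because the flagged call passes an argv list rather than shell=True, shell metacharacters in the file names are never interpreted by a shell, so this is not shell injection. What remains is that the value after ass= is parsed by ffmpeg's own filtergraph syntax, in which backslash, quote, colon, brackets, comma and semicolon are separators or escapes, so a path containing them changes the filter graph; that -y silently overwrites output_path; and that capture_output=True without check=True or a timeout lets a failed encode pass unnoticed. The hardened variant copies the subtitle file under a fixed name into a temporary working directory so no caller-controlled text reaches the filter string, refuses to overwrite an existing output, and surfaces a non-zero exit status.

```python
import re
import shutil
import subprocess
import tempfile
from pathlib import Path

# ffmpeg's filtergraph parser treats \ ' : [ ] , ; and = as separators or
# escapes, so a file name containing them alters "-vf ass=<name>" even though
# no shell ever sees it. Only names matching this conservative allow-list
# (an assumption of this example) are embedded in the filter string.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")


def filtergraph_safe(name: str) -> bool:
    """True if `name` can be placed verbatim inside a filter option value."""
    return SAFE_NAME.fullmatch(name) is not None


def build_burn_in_argv(video: str, subtitles_name: str, output: str) -> list:
    """argv for the burn-in step (list form: no shell parses these strings).

    -nostdin stops ffmpeg from reading the agent's stdin; -n refuses to
    overwrite an existing output, replacing the original call's -y.
    """
    if not filtergraph_safe(subtitles_name):
        raise ValueError(f"subtitle name not filtergraph-safe: {subtitles_name!r}")
    return [
        "ffmpeg", "-nostdin", "-n", "-i", video,
        "-vf", f"ass={subtitles_name}",
        "-c:v", "libx264", "-c:a", "copy", output,
    ]


def burn_in_subtitles(video_path: str, ass_file: str, output_path: str,
                      timeout: float = 600) -> Path:
    """Hardened equivalent of the flagged call (assumed helper, not the skill's)."""
    video = Path(video_path).resolve(strict=True)   # FileNotFoundError if missing
    if not video.is_file():
        raise ValueError(f"not a regular file: {video}")
    output = Path(output_path).resolve()
    if output.exists():
        raise FileExistsError(f"refusing to overwrite {output}")
    with tempfile.TemporaryDirectory() as work:
        # Copy the .ass file under a fixed name so the caller's path never
        # appears inside the filter string; ffmpeg resolves it relative to cwd.
        shutil.copyfile(ass_file, Path(work) / "subs.ass")
        argv = build_burn_in_argv(str(video), "subs.ass", str(output))
        proc = subprocess.run(argv, cwd=work, capture_output=True, text=True,
                              timeout=timeout)
        if proc.returncode != 0:
            # Surface the failure instead of returning silently on a bad encode.
            raise RuntimeError(f"ffmpeg failed ({proc.returncode}): "
                               f"{proc.stderr[-500:]}")
    return output


def shell_metachars_inert(video_path: str) -> bool:
    """Why the list-form call is not shell injection: whatever the string
    contains, it is handed to ffmpeg as one argv element, unchanged."""
    argv = build_burn_in_argv(video_path, "subs.ass", "out.mp4")
    return argv[argv.index("-i") + 1] == video_path
```

The allow-list is belt-and-braces: once the subtitle file is copied to a fixed name in a private working directory, the filter string is a constant and the only caller-controlled values are the input and output paths, which ffmpeg takes as plain arguments rather than filtergraph text.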

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises capabilities that require access to environment variables, filesystem, network, and shell tooling, but it does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: users and the platform may not realize the skill can read API keys, write files, invoke external tools, and contact remote services.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The skill claims to be self-contained and to use no external modules, but the documentation shows reliance on remote APIs, Python packages, environment configuration, and external binaries. That mismatch is security-relevant because it can mislead users into granting trust under false assumptions about data exposure, dependency risk, and execution behavior.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The manifest's 'self-contained' and 'no external modules' claims are contradicted by later setup instructions requiring ffmpeg, edge-tts, pillow, python-dotenv, requests, and an API key. Inconsistent security/dependency disclosures can cause users or automated review systems to underestimate the attack surface and supply-chain/privacy risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill description does not clearly warn that user-provided topics/content may be sent to external services such as Pexels and Edge TTS. This omission matters because prompts may contain sensitive or proprietary information, and users may not expect that their content leaves the local environment.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill sends prompt-derived topic and scene visual text to a third-party service without clear disclosure or consent. In agent contexts, prompts can contain confidential or regulated data, so silent transmission increases privacy and data-handling risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal