Content Automator

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but users should avoid feeding it private scripts or portfolio data unless they are comfortable sending that text to ElevenLabs.

Install only if you are comfortable with local ffmpeg processing and with ElevenLabs receiving the script text being narrated. Use a dedicated ElevenLabs key if possible, review any portfolio or script content before running TTS, pass an explicit --portfolio path for trading videos, and avoid untrusted or punctuation-heavy titles until the drawtext escaping is fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
]
    
    try:
        subprocess.run(ffmpeg_cmd, capture_output=True, check=True)
        return True
    except subprocess.CalledProcessError as e:
        print(f"ffmpeg error: {e}")
Confidence
86% confidence
Finding
subprocess.run(ffmpeg_cmd, capture_output=True, check=True)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The trading command silently reads a specific file from the user's home directory containing portfolio/dashboard information, then uses that content to generate output and later send derived text to a third-party TTS provider. In a skill context, automatic access to personal financial data is risky because it expands data access beyond what a generic content automation description clearly justifies.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script content is transmitted to ElevenLabs without a clear warning or consent gate at the call site, which can expose sensitive or proprietary text to an external service. In this skill, that risk is heightened because scripts may be generated from local portfolio data or arbitrary local files supplied by the user.

VirusTotal

62/62 vendors flagged this skill as clean.
