ClawHub

动画视频制作skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a local video-preview/export tool with optional user-confirmed TTS, and its sensitive behaviors are mostly disclosed and purpose-aligned.

Install only if you are comfortable with a Node/Playwright/ffmpeg local toolchain. Use preview mode first, export only when intended, and configure cloud TTS only with an API key you are willing to use for third-party voice synthesis; remove ~/.codex/motion-video-skill/secrets.json if you no longer want the saved key retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill explicitly instructs use of external services and local tooling that imply network access and environment/secret handling, yet the metadata declares only a Node binary requirement and no corresponding permissions/capabilities. This creates a transparency and consent problem: users and policy systems cannot accurately assess that the skill may read API keys, contact third-party TTS providers, or write local secret material before use.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The public description frames the skill as a video-preview/export tool, but the body expands behavior to include external TTS integration, voice synthesis, API-key retrieval and persistence, local system speech, audio mixing, and subtitle generation. That mismatch is security-relevant because users may provide content believing it stays local or limited to preview/export, while the skill can transmit narration to third parties and persist credentials on disk.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The file writes API secrets to disk under the user’s home directory without any visible user-facing disclosure or consent mechanism. Even with restrictive file permissions, silent persistence of credentials increases the risk of surprise storage, accidental retention, backup exposure, or later misuse by other local processes running as the same user.

Missing User Warnings

Low
Confidence
72% confidence
Finding
The code reads sensitive environment variables for multiple providers without any visible disclosure in this component. Although this is a common integration pattern, undisclosed access to environment-backed credentials reduces transparency and can violate user expectations about what data the skill consumes.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal