TencentCloud Video Effects

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do the advertised Tencent Cloud video-effects workflow, but it needs review because it can upload images without confirmation and install a Python dependency at runtime.

Install only if you are comfortable sending selected images to Tencent Cloud and using Tencent Cloud credentials from the environment. Prefer an isolated environment, preinstall a pinned SDK yourself, use narrowly scoped cloud credentials, and require explicit confirmation before uploading local or sensitive images.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    try:
        import tencentcloud  # noqa: F401
    except ImportError:
        # Flagged behaviour: an unpinned package is installed at runtime via pip
        print("[INFO] tencentcloud-sdk-python not found. Installing...", file=sys.stderr)
        subprocess.check_call(
            [sys.executable, "-m", "pip", "install", "tencentcloud-sdk-python", "-q"],
            stdout=sys.stderr,
            stderr=sys.stderr,
        )
Confidence
96% confidence
Finding
subprocess.check_call( [sys.executable, "-m", "pip", "install", "tencentcloud-sdk-python", "-q"], stdout=sys.stderr, stderr=sys.stderr, )

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises and instructs shell execution and environment-variable use for cloud credentials, but does not declare corresponding permissions. This creates a capability/consent mismatch: a host or reviewer may not realize the skill can invoke local commands and access secrets, increasing the chance of unintended execution or credential exposure.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
Installing Python packages at runtime is not necessary for the core business logic of generating video effects and creates avoidable supply-chain risk. It allows the skill to fetch and execute third-party code on demand, which is especially dangerous in restricted or shared execution environments.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The markdown tells the agent to automatically execute the script with zero user confirmation whenever an image is provided, even though that action sends user-supplied images to Tencent Cloud for processing. This bypasses informed consent for third-party data transfer and can lead to privacy violations, especially when images contain faces or other sensitive biometric content.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code accepts a local image file, base64-encodes it, and sends it to Tencent Cloud without an explicit user-facing warning that local content will leave the machine. In a media-processing skill this remote upload is functionally expected, but the absence of clear disclosure can still cause unintended transfer of sensitive images.

VirusTotal

VirusTotal findings are pending for this skill version.
