TencentCloud Video Effects

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do the advertised Tencent Cloud video-effects workflow, but it needs review because it can upload images without confirmation and install a Python dependency at runtime.

Install only if you are comfortable sending selected images to Tencent Cloud and using Tencent Cloud credentials from the environment. Prefer an isolated environment, preinstall a pinned SDK yourself, use narrowly scoped cloud credentials, and require explicit confirmation before uploading local or sensitive images.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    import subprocess
    import sys

    try:
        import tencentcloud  # noqa: F401
    except ImportError:
        # Flagged behaviour: an unpinned package is installed from the index at runtime.
        print("[INFO] tencentcloud-sdk-python not found. Installing...", file=sys.stderr)
        subprocess.check_call(
            [sys.executable, "-m", "pip", "install", "tencentcloud-sdk-python", "-q"],
            stdout=sys.stderr,
            stderr=sys.stderr,
        )
Confidence
96% confidence
Finding
subprocess.check_call( [sys.executable, "-m", "pip", "install", "tencentcloud-sdk-python", "-q"], stdout=sys.stderr, stderr=sys.stderr, )

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises and instructs shell execution and environment-variable use for cloud credentials, but does not declare corresponding permissions. This creates a capability/consent mismatch: a host or reviewer may not realize the skill can invoke local commands and access secrets, increasing the chance of unintended execution or credential exposure.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
Installing Python packages at runtime is not necessary for the core business logic of generating video effects and creates avoidable supply-chain risk. It allows the skill to fetch and execute third-party code on demand, which is especially dangerous in restricted or shared execution environments.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The markdown tells the agent to automatically execute the script with zero user confirmation whenever an image is provided, even though that action sends user-supplied images to Tencent Cloud for processing. This bypasses informed consent for third-party data transfer and can lead to privacy violations, especially when images contain faces or other sensitive biometric content.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code accepts a local image file, base64-encodes it, and sends it to Tencent Cloud without an explicit user-facing warning that local content will leave the machine. In a media-processing skill this remote upload is functionally expected, but the absence of clear disclosure can still cause unintended transfer of sensitive images.

VirusTotal

63/63 vendors flagged this skill as clean.
