Google vertex video adc

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it silently saves raw Google Vertex AI responses to predictable files in the shared temp directory.

Review this before installing on shared machines, or when prompts, source images, or generated videos are sensitive. Calling the Google Cloud API is expected behavior for this skill; the problem is the debug persistence. The script should either drop it by default or write debug files to a private, per-run directory with owner-only permissions and remove them when the run ends.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill invokes local Python scripts, reads prompt and optional image files, writes output files, reads environment variables for Google Cloud configuration, and relies on shell-accessible tools such as gcloud and curl, yet it declares no permissions. This is a transparency and least-privilege problem: users and orchestrators cannot tell from the declaration that the skill can read credentials and local files and execute external commands, which increases the risk of unintended data exposure or command misuse.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The code writes raw API responses, polling state, and final operation results to predictable filenames in the shared system temp directory. Those files may contain prompts, operation metadata, and potentially base64-encoded video content, allowing other local users or processes on the same host to read sensitive data if temp-directory permissions or environment isolation are weak.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The response from `predictLongRunning` is written to `/tmp` using a predictable filename without informing the user. This creates a local information disclosure risk because API responses may include sensitive operational metadata and can be harvested by co-resident users or processes.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Polling output and the final operation JSON are saved repeatedly to predictable temp files without user disclosure. Because the final operation may contain generated media or encoded artifacts, this can leak potentially sensitive content and request context to other local actors and leaves residual data on disk after execution.
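The three temp-file findings above and the fix recommended in the overview come down to one pattern: a fixed filename under the shared temp directory, opened with the default umask, versus a per-run directory created 0700, a create-only write with mode 0600, and cleanup at the end. The following is an added example written for this page, not the skill's own code. The filenames, the sample operation JSON, the `VERTEX_DEBUG_DIR` opt-in variable and the function names are constructed for illustration; it assumes a POSIX host.

```python
"""Debug persistence for a Vertex AI long-running operation: the risky pattern
the findings describe beside a hardened version. Added example, not the
skill's code. Filenames, sample response and env var are constructed."""
import json
import os
import shutil
import stat
import tempfile

# Constructed stand-in for a predictLongRunning response. Real responses
# carry an operation name and, once done, the generated media or references
# to it, which is why persisting them is sensitive.
SAMPLE_RESPONSE = {
    "name": "projects/example/locations/us-central1/operations/0000",
    "done": False,
}


def save_debug_predictable(response, tmp_dir=None, name="vertex_response.json"):
    """Risky pattern: predictable name in the shared temp dir, default umask.
    A co-resident user can guess the path, read it if the umask is permissive,
    and pre-create a file or symlink there that open() will follow and overwrite."""
    tmp_dir = tmp_dir or tempfile.gettempdir()
    path = os.path.join(tmp_dir, name)
    with open(path, "w") as fh:
        json.dump(response, fh)
    return path


def make_private_run_dir(enabled=None):
    """Per-run debug directory (mkdtemp creates it 0700). Persistence is
    opt-in: returns None unless enabled or the assumed VERTEX_DEBUG_DIR is set."""
    if enabled is None:
        enabled = "VERTEX_DEBUG_DIR" in os.environ
    if not enabled:
        return None
    return tempfile.mkdtemp(prefix="vertex-run-")


def save_debug_private(response, run_dir, name="response.json"):
    """Hardened write: inside the private dir, create-only (O_EXCL refuses a
    pre-planted file or symlink), owner-only mode regardless of umask."""
    path = os.path.join(run_dir, name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(response, fh)
    return path


def is_private(path):
    """Check a debug file: regular file (not a symlink), owned by us,
    no group/other bits on the file or its parent directory."""
    st = os.lstat(path)
    parent = os.stat(os.path.dirname(path))
    return (stat.S_ISREG(st.st_mode)
            and st.st_uid == os.getuid()
            and (st.st_mode & 0o077) == 0
            and (parent.st_mode & 0o077) == 0)


def cleanup(run_dir):
    """Remove the run directory so no debug data remains on disk after the run."""
    shutil.rmtree(run_dir, ignore_errors=True)


def demo():
    """Full hardened flow: private dir, create-only write, permission check,
    second write refused, cleanup leaves nothing behind."""
    run_dir = make_private_run_dir(enabled=True)
    path = save_debug_private(SAMPLE_RESPONSE, run_dir)
    result = {"private": is_private(path), "excl_blocked": False}
    try:
        save_debug_private(SAMPLE_RESPONSE, run_dir)
    except FileExistsError:
        result["excl_blocked"] = True
    cleanup(run_dir)
    result["removed"] = not os.path.exists(run_dir)
    return result


if __name__ == "__main__":
    risky = save_debug_predictable(SAMPLE_RESPONSE)
    print("risky path:", risky, "private:", is_private(risky))
    os.remove(risky)
    print("hardened:", demo())
```

Under a typical 022 umask the risky file is world-readable and `is_private` reports False; the hardened path passes the check independent of umask because the mode is set at `os.open` time and the directory comes from `mkdtemp`. Gating persistence on an explicit opt-in also covers the "Missing User Warnings" findings: nothing is written unless the user asked for it.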

VirusTotal

VirusTotal findings are pending for this skill version.