Sora AI Video Generation (Sora AI视频生成)

Security checks across malware telemetry and agentic risk

Overview

This skill mostly documents a Sora2 data API integration, but it under-discloses that it can upload user images and retrieve no-watermark download links while claiming to be read-only.

Review before installing. Use this only if you are comfortable sending Sora-related queries and possibly images to www.aconfig.cn with a MaxHub API key. Avoid uploading sensitive images or personal viewing history, and treat no-watermark download links as subject to content rights and platform terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%

Finding
The skill is presented as a data-query/read-only assistant, but its documented endpoint set includes `upload_image` under the Cameo flow. That creates a capability mismatch: users and calling systems may trust the skill as passive data retrieval when it can transmit user-supplied content to a third-party service. In security review, this kind of undeclared write/upload behavior increases the risk of data exfiltration and misuse.

Intent-Code Divergence

Severity: High
Confidence: 98%

Finding
The security declaration explicitly claims the skill performs only read-only queries, yet the documented API set includes an image upload endpoint. This is a material contradiction that can mislead users, orchestrators, and reviewers into granting trust or permissions under false assumptions. Misrepresentation of data-handling behavior is especially risky because it may cause sensitive local/user content to be transmitted unexpectedly.

Description-Behavior Mismatch

Severity: Medium
Confidence: 78%

Finding
The file exposes a dedicated endpoint optimized for retrieving no-watermark and alternate-quality download URLs, which materially expands the skill from analytics into content acquisition. In context, that increases the likelihood of copyright/policy abuse and unauthorized bulk downloading, especially because the skill is framed as a data-query assistant rather than a downloader.

Vague Triggers

Severity: Medium
Confidence: 89%

Finding
The example trigger words are extremely broad generic terms such as “作品,用户” (works, user), “Cameo,出镜秀” (Cameo, cameo show), and “上传,图片” (upload, image), which can easily overlap with ordinary user conversation and cause unintended skill activation. In an agent environment, accidental invocation can lead to unnecessary external API calls, unintended disclosure of queried platform data, or confusing routing of user requests to this skill when the user did not explicitly intend to use it.

Vague Triggers

Severity: Medium
Confidence: 81%

Finding
The routing triggers are very broad, including generic terms like `video`, `feed`, `find`, `show me`, and defaulting uncertain cases to `Post & User`. Overbroad triggers can cause accidental invocation on unrelated prompts, leading to unintended third-party API requests and unnecessary disclosure of user queries. Because the skill can contact an external service automatically, accidental matching has real privacy and cost implications.

Missing User Warnings

Severity: Medium
Confidence: 92%

Finding
The skill asks users to obtain and configure a third-party API key and then use external APIs, but it does not clearly warn that user queries and the bearer-authenticated requests will be transmitted to `https://www.aconfig.cn`. This omission weakens informed consent and can expose sensitive search terms, identifiers, or attached content to a third party without adequate notice.

Missing User Warnings

Severity: Medium
Confidence: 86%

Finding
The API accepts detailed viewing-history data via the `eager_views` parameter to personalize recommendations, but the documentation provides no privacy notice, consent requirement, retention guidance, or minimization constraints. This creates a clear privacy risk because operators or downstream agents could transmit user behavioral data without informed consent or appropriate handling controls.
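The four finding classes above (Intent-Code Divergence, Description-Behavior Mismatch, Vague Triggers, Missing User Warnings) all reduce to checks that can be run mechanically against a skill manifest before installation. The following is an added example written for this page; it is not SkillSpector's scanner and not the skill's own file. The manifest it audits is constructed, and its schema (`security_declaration`, `endpoints`, `triggers`, `params`, `user_notice`) is an assumption, since the real skill file is not reproduced here. `disclosed_variant` shows the same manifest with the disclosure problems fixed, so the remaining finding is only the inherent content-acquisition capability.

```python
"""Static checks for an agent-skill manifest, modelled on the finding classes
used in this report (added example; not SkillSpector's scanner and not the
skill's own file)."""
import copy
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# CONSTRUCTED sample manifest. The field names ("security_declaration",
# "endpoints", "triggers", "params", "user_notice") are an assumed schema.
SAMPLE_SKILL = {
    "name": "Sora AI Video Generation",
    "security_declaration": "Performs only read-only queries against the Sora2 data API.",
    "base_url": "https://www.aconfig.cn",
    "auth": "bearer",
    "endpoints": [
        {"name": "get_post", "method": "GET", "desc": "Fetch a post by id"},
        {"name": "upload_image", "method": "POST",
         "desc": "Upload a user image for the Cameo flow"},
        {"name": "get_download_links", "method": "GET",
         "desc": "Return no-watermark and alternate-quality download URLs"},
        {"name": "recommend", "method": "GET", "params": ["eager_views"],
         "desc": "Personalised feed based on the caller's viewing history"},
    ],
    "triggers": ["video", "feed", "find", "show me", "Cameo", "上传,图片",
                 "Sora2 post analytics"],
}

WRITE_NAME = re.compile(r"^(upload|create|delete|update|write|send)", re.I)
ACQUISITION = re.compile(r"no[- ]?watermark|download", re.I)
BEHAVIOURAL_PARAM = re.compile(r"view|history|watched", re.I)
CONSENT_WORDS = re.compile(r"consent|transmitted to|sent to|privacy notice", re.I)
# Single generic words that overlap with ordinary conversation. The Chinese
# terms are the ones quoted in the report: works, user, upload, image.
GENERIC_TRIGGERS = {"video", "feed", "find", "show me", "image", "user", "post",
                    "作品", "用户", "上传", "图片"}


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str


def declares_read_only(skill):
    return bool(re.search(r"read[- ]only", skill.get("security_declaration", ""), re.I))


def audit_skill(skill):
    """Return the list of findings; an empty list means no check fired."""
    findings = []
    read_only = declares_read_only(skill)
    disclosure = skill.get("security_declaration", "") + " " + skill.get("user_notice", "")

    for ep in skill.get("endpoints", []):
        name, desc = ep["name"], ep.get("desc", "")
        method = ep.get("method", "GET").upper()
        # A write/upload endpoint contradicts a read-only declaration.
        if read_only and (method != "GET" or WRITE_NAME.search(name)):
            findings.append(Finding("Intent-Code Divergence",
                                    f"declared read-only but exposes {method} {name}"))
        # Content-acquisition endpoints go beyond analytics.
        if ACQUISITION.search(name) or ACQUISITION.search(desc):
            findings.append(Finding("Description-Behavior Mismatch",
                                    f"{name} retrieves downloadable content"))
        # Behavioural-data parameters need a privacy notice on the endpoint.
        for param in ep.get("params", []):
            if BEHAVIOURAL_PARAM.search(param) and not CONSENT_WORDS.search(desc):
                findings.append(Finding("Missing User Warnings",
                                        f"{name} accepts behavioural data via {param} without a privacy notice"))

    # A trigger made only of generic words fires on unrelated conversation.
    vague = [t for t in skill.get("triggers", [])
             if all(w.strip().lower() in GENERIC_TRIGGERS for w in t.split(","))]
    if vague:
        findings.append(Finding("Vague Triggers", f"overly broad triggers: {vague}"))

    # Queries and credentials leave the host; the user must be told where.
    host = urlparse(skill.get("base_url", "")).hostname
    if host and not CONSENT_WORDS.search(disclosure):
        findings.append(Finding("Missing User Warnings",
                                f"{skill.get('auth', 'unknown')} requests go to {host} with no transmission notice"))
    return findings


def disclosed_variant(skill):
    """Same manifest with the disclosure problems fixed: honest declaration,
    transmission target named, narrow triggers, consent on eager_views."""
    fixed = copy.deepcopy(skill)
    fixed["security_declaration"] = (
        "Reads Sora2 post/user data and can upload user images for Cameo. "
        "Queries and the bearer key are transmitted to www.aconfig.cn.")
    fixed["triggers"] = ["Sora2 post analytics", "Cameo image upload"]
    for ep in fixed["endpoints"]:
        if "eager_views" in ep.get("params", []):
            ep["desc"] += "; eager_views is sent only with the user's explicit consent"
    return fixed


if __name__ == "__main__":
    for label, skill in (("as documented", SAMPLE_SKILL),
                         ("with disclosure fixed", disclosed_variant(SAMPLE_SKILL))):
        print(f"== {label}: {len(audit_skill(skill))} finding(s)")
        for f in audit_skill(skill):
            print(f"  [{f.category}] {f.detail}")
```

The checks are deliberately string-level: they do not need to execute the skill, only its manifest, which is the same position a reviewer is in before installing. The content-acquisition finding survives the fixed variant on purpose, because a no-watermark download endpoint is a capability to disclose and gate, not a wording problem.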

VirusTotal

VirusTotal findings are pending for this skill version.
