Giggle Generation Aimv

Security checks across malware telemetry and agentic risk

Overview

This skill is for AI music-video generation, but its default workflow can automatically spend from the user's Giggle account without a separate confirmation step.

Review before installing. Use this only if you are comfortable giving the skill a Giggle API key that can create projects and pay for pending MV generation. Prefer a version that stops when payment is required, shows order or price details, and asks for explicit approval before calling the pay endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 86%
Finding:
The declared purpose focuses on generating music videos from prompts or lyrics, but the documented behavior also includes payment initiation, standalone job querying, and workflow retries. That mismatch is security-relevant because users or calling agents may grant trust for content generation while unintentionally authorizing billing actions and broader project management operations.

Intent-Code Divergence

Severity: Medium
Confidence: 90%
Finding:
The documentation gives conflicting operational guidance: it says errors must not be retried, yet later states the script automatically retries network failures up to 5 times. In a paid API workflow, inconsistent retry behavior can cause duplicate submissions, unintended charges, or hard-to-debug state corruption if the backend is not fully idempotent.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding:
The script includes a dedicated payment method and integrates it into the MV workflow, which expands the skill from content generation into account-charging behavior. In an agent context, this creates a real risk of unauthorized or unintended financial transactions if the tool is invoked automatically or with ambiguous user intent.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding:
The workflow command automatically calls execute_workflow(), which can proceed through creation, submission, progress polling, and payment without any user-facing approval checkpoint. For a skill whose stated purpose is AI music video creation, silently charging the user's connected account is outside expected scope and can lead to unauthorized purchases.

Missing User Warnings

Severity: High
Confidence: 97%
Finding:
The skill states that the workflow will automatically detect and pay pending items, but does not prominently warn that execution may trigger a billable transaction. This is dangerous because an agent could perform a charge without explicit, informed user consent, creating financial harm and violating expected approval boundaries for paid actions.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding:
The skill instructs users to set a system environment variable containing an API key, but does not warn that the key is sensitive or advise against exposing it in logs, transcripts, screenshots, or source files. This increases the risk of credential leakage and subsequent unauthorized API usage or billing.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
There is no visible confirmation, warning, or acknowledgment before the workflow may trigger pay() when pay_status becomes pending. This makes accidental charges plausible, especially when an agent or wrapper invokes the workflow command on behalf of a user who may believe they are only generating media, not authorizing payment.

VirusTotal

66/66 vendors flagged this skill as clean.