Giggle Generation Drama

Security checks across malware telemetry and agentic risk

Overview

This appears to be a genuine Giggle video-generation skill, but its default workflow can spend account credits automatically, without a separate confirmation step.

Install it only if you trust the publisher and are comfortable handing this skill a Giggle API key. Before using it, instruct your agent not to run execute_workflow or the pay command until it has shown you the project details and the expected credit or monetary cost, and you have explicitly confirmed that specific job.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill requires access to an API key via environment variables and performs external network operations, but static analysis indicates these capabilities are not declared through a proper permissions model. That weakens transparency and consent, making it easier for a user or platform to underestimate the sensitivity of the skill's behavior. Because the skill also performs paid remote actions, explicit permission declaration matters even more here.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The stated purpose says the skill generates videos and shows styles, but the documented workflow goes further by creating remote projects, submitting jobs, polling status, and automatically initiating payment. This is security-relevant behavior because it can trigger external side effects and charges beyond what a user may reasonably infer from the description, creating risk of surprise billing and overbroad trust in the skill. The context makes this more dangerous because the workflow is intentionally 'call once and wait' with auto-pay built in.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The file exposes a payment operation that can charge credits, but the skill metadata only describes video generation and viewing styles. In an agent context, adding a billing capability outside the declared purpose expands the action surface and can cause unauthorized spending if invoked directly or chained from other logic.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The workflow automatically calls the payment endpoint when it detects a pending payment state, without requiring a fresh user approval. This creates a direct path from content-generation requests to credit-charging behavior, which is especially dangerous in an agent skill because routine use can trigger unintended financial actions.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list includes broad everyday phrases such as "拍视频" (shoot a video), "我有故事想法" (I have a story idea), and "有哪些视频风格" (what video styles are there), which can cause the skill to activate in contexts where the user did not intend to invoke a third-party video-generation workflow. Because this skill can initiate network requests and eventually a paid workflow, overly broad activation increases the chance of accidental invocation, unnecessary disclosure of user content to Giggle.pro, and unintended downstream actions.

Missing User Warnings

High
Confidence
99% confidence
Finding
The workflow explicitly states it will perform automatic payment if needed, but the skill does not require a just-in-time user confirmation, price disclosure, spending cap, or clear warning before charges are incurred. This is dangerous because an accidental or ambiguous activation could lead directly to unauthorized financial impact, especially when combined with the broad trigger phrases and a one-call workflow that both submits and pays.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
At the charge point, the code performs payment immediately after inferring a payable state and only logs status messages to stderr. There is no interactive confirmation, warning, or policy check, so a user asking to generate a video could unknowingly incur charges.
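The three payment findings above, and the Overview's advice to keep execute_workflow and pay separate, come down to one design change: the workflow must stop at the payment state and hand control back to the user, and the only path to the charge must be gated by an approval bound to a specific job and price plus a spending cap. The following is an added example written for this report, not the skill's own code. The client class is a constructed in-memory stand-in; the endpoint names (create_project, submit_job, get_status, pay) and the status strings ("pending_payment", "processing") are assumptions and do not describe Giggle's real API.

```python
"""Added example (not the skill's code): a 'submit, poll, stop before pay'
workflow with a separate, user-approved charge step. FakeGiggleClient is a
constructed stand-in; its method names and status strings are assumptions."""
import hashlib
import hmac
import secrets
import sys
from dataclasses import dataclass, field


class PaymentRequired(Exception):
    """Raised instead of paying; carries what the user must approve."""
    def __init__(self, job_id, cost):
        super().__init__(f"job {job_id} needs {cost} credits; approval required")
        self.job_id = job_id
        self.cost = cost


class FakeGiggleClient:
    """Constructed in-memory service; records every charge it is asked to make."""
    def __init__(self, cost_per_job=40):
        self.cost_per_job = cost_per_job
        self.jobs = {}
        self.charges = []  # list of (job_id, credits) actually charged

    def create_project(self, title):
        return f"proj-{len(self.jobs) + 1}"

    def submit_job(self, project_id, prompt):
        job_id = f"{project_id}-job"
        self.jobs[job_id] = {"status": "pending_payment", "cost": self.cost_per_job}
        return job_id

    def get_status(self, job_id):
        return self.jobs[job_id]["status"]

    def cost_of(self, job_id):
        return self.jobs[job_id]["cost"]

    def pay(self, job_id):
        self.charges.append((job_id, self.jobs[job_id]["cost"]))
        self.jobs[job_id]["status"] = "processing"


@dataclass
class SpendingPolicy:
    """Per-session credit cap; approvals are bound to one job id and one price."""
    cap: int
    spent: int = 0
    _key: bytes = field(default_factory=lambda: secrets.token_bytes(32))

    def approval_token(self, job_id, cost):
        """Issued only after the agent has shown job_id and cost to the user.
        A different price or job id yields a different token, so a stale
        approval cannot be replayed against a changed quote."""
        msg = f"{job_id}:{cost}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def authorize(self, job_id, cost, token):
        if not hmac.compare_digest(self.approval_token(job_id, cost), token):
            raise PermissionError("approval does not match this job and price")
        if self.spent + cost > self.cap:
            raise PermissionError(f"cost {cost} exceeds remaining cap {self.cap - self.spent}")
        self.spent += cost


def execute_workflow(client, title, prompt):
    """Create the project and submit the job, then STOP at the payment state.
    Never calls client.pay(); raises PaymentRequired with the disclosed cost."""
    project_id = client.create_project(title)
    job_id = client.submit_job(project_id, prompt)
    status = client.get_status(job_id)
    print(f"[status] {job_id}: {status}", file=sys.stderr)  # logging is not consent
    if status == "pending_payment":
        raise PaymentRequired(job_id, client.cost_of(job_id))
    return job_id


def pay_with_approval(client, policy, job_id, cost, token):
    """The only path to client.pay(): re-read the live price, require a token
    bound to this exact job and price, and enforce the session cap."""
    live_cost = client.cost_of(job_id)
    if live_cost != cost:
        raise PermissionError(f"price changed from {cost} to {live_cost}; re-confirm")
    policy.authorize(job_id, cost, token)
    client.pay(job_id)
    return client.get_status(job_id)


def demo():
    client = FakeGiggleClient(cost_per_job=40)
    policy = SpendingPolicy(cap=100)
    try:
        execute_workflow(client, "My story", "a short film about a lighthouse")
    except PaymentRequired as need:
        assert client.charges == []  # nothing charged yet; user decides now
        token = policy.approval_token(need.job_id, need.cost)  # the user's explicit yes
        return pay_with_approval(client, policy, need.job_id, need.cost, token)
    return "no payment needed"


if __name__ == "__main__":
    print(demo())
```

The point of binding the token to job id and price is that a price that changes between disclosure and payment, or an approval given for one job and reused for another, fails closed; the cap limits damage from an accidental activation even when an approval is granted.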

VirusTotal

64/64 vendors reported this skill as clean.
