Security audit

Morfeo UGC Engine

Security checks across malware telemetry and agentic risk

Overview

The skill matches its local video-engine purpose, but it exposes an admin API credential and gives broad chat-driven control over mutating workflow, publishing-draft, and service-management actions.

Review carefully before installing. Remove and rotate the embedded admin token, use an environment variable or secret store, and limit use to trusted operators. Treat this skill as able to change engine state, create social-media drafts, read logs, and restart the local Morfeo service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding
The skill includes process-control commands such as restarting a PM2 service and tailing logs, which grant operational control over local infrastructure beyond simple content-generation guidance. In a skill context, this can cause service disruption, unauthorized administration, or log exposure if invoked by an agent without explicit authorization boundaries.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
The documentation hardcodes an admin bearer token and instructs the agent to use it directly in requests. This is a direct credential disclosure that enables unauthorized access to the local API and makes privilege misuse far more likely if the skill is surfaced, logged, or reused elsewhere.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The README advertises a "publicá el video" action without warning that publishing can create externally visible, potentially irreversible effects. In a chat-driven skill, users may trigger publication casually or accidentally, increasing the risk of unintended public release of brand content or confidential material.

Vague Triggers

Severity: Medium
Confidence: 80%
Finding
The trigger phrase 'Cualquier operación sobre el Morfeo UGC Engine' is overly broad and can activate the skill for any engine-related action, including sensitive state changes. Broad activation increases the chance an agent performs privileged operations without clear user intent or proper confirmation.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill describes state-changing actions like advancing pipeline stages, selecting shots, and publishing drafts with little emphasis on confirmation, auditability, or rollback. In practice, this can lead to unintended modifications to production workflows and external publication systems.

Ssd 3

Severity: High
Confidence: 99%
Finding
The skill exposes a plaintext admin token and full authorization header format in natural-language instructions. That materially increases the risk of credential leakage through prompts, logs, screenshots, or model responses, and enables direct authenticated access to privileged endpoints.

Ssd 3

Severity: High
Confidence: 98%
Finding
Repeated command examples train or encourage the agent to reproduce the bearer token during normal operation, amplifying disclosure risk. Repetition also increases the chance the secret is copied into histories, notebooks, terminals, and other telemetry systems.

Ssd 3

Severity: High
Confidence: 98%
Finding
The Python polling example embeds a privileged token in source code, which is especially risky because code snippets are often copied directly into repositories or scripts. This spreads the secret beyond the skill and can create long-lived credential exposure in version control and local files.

Ssd 3

Severity: High
Confidence: 98%
Finding
The diagnostic command again exposes the admin bearer token in a likely-to-be-run example, making accidental leakage highly probable. Because diagnostics are often shared during troubleshooting, this context increases the chance of external propagation of the credential.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Severity: Critical
Code: suspicious.exposed_secret_literal
Location: SKILL.md:24