TikTok Video Ad

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Pexo-hosted TikTok ad generation wrapper, but users should understand that prompts, uploaded media, API credentials, and credits are involved.

Install only if you are comfortable sending ad briefs and media to Pexo's hosted service and using Pexo account credits. Treat PEXO_API_KEY as a secret, keep ~/.pexo/config private, verify PEXO_BASE_URL points to https://pexo.ai, and avoid uploading sensitive customer, regulated, or proprietary material unless your organization permits it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Severity: Medium
Confidence: 84%
Finding
The helper performs an additional entitlement/credit lookup unrelated to the advertised TikTok ad generation task. Even though it only prints balance information to stderr, it accesses account metadata beyond the user's explicit request, which expands data collection and can surprise users in a skill that should be narrowly scoped.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding
The script executes `source "$config_path"` on a user-controlled file, which runs arbitrary shell code in the current process rather than parsing simple key/value settings. If an attacker can modify `~/.pexo/config` or influence `PEXO_CONFIG`, running this diagnostic script results in arbitrary command execution under the user's account.

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%
Finding
This package is advertised as a TikTok ad creation skill, but it contains an environment diagnostic that checks local dependencies, network reachability, and credential validity. That mismatch increases risk because users may run unexpected operational code that inspects the host and contacts external services outside the stated purpose of the skill.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The README explicitly states that all creative work happens server-side via a hosted backend, but it does not clearly disclose that user prompts, product details, and potentially sensitive marketing content will be sent to an external service. In a skill that accepts ad-generation inputs, this omission can lead users to unknowingly transmit confidential business information, campaign plans, or proprietary product data off-host.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill instructs the agent to send the user's request 'verbatim' to a hosted backend, but provides no user-facing notice that prompts, briefs, and attached asset references will leave the local environment and be processed by a third party. This creates a meaningful privacy and data-governance risk, especially if users include confidential marketing plans, customer data, or proprietary media.

Missing User Warnings

Severity: Low
Confidence: 90%
Finding
The skill requires configuration of `PEXO_API_KEY` and external account usage, but does not warn users about credential sensitivity, storage hygiene, or the billing implications of using a paid third-party service. This can lead to accidental credential exposure or unintended charges if users follow setup instructions without understanding the risks.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The guide instructs users to store a live API key in a plaintext file under ~/.pexo/config without warning about credential sensitivity or restricting file permissions. On multi-user systems, shared environments, backups, shell-history-adjacent workflows, or endpoint compromise, this increases the chance that the key is exposed and reused to access the Pexo account or consume credits.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The script loads secrets from a local config and then sends the API key in an Authorization header to a remote endpoint to validate it, without an explicit warning or consent flow. In a skill whose stated purpose is ad generation, this hidden credential-handling behavior is risky because users may not expect local code execution and outbound transmission of sensitive credentials.

VirusTotal

63/63 vendors flagged this skill as clean.
