YouTube Short Maker

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a real Pexo YouTube Shorts wrapper, but it deserves review because it sends user content to a hosted service and uses a persistent API-key config file that is handled unsafely.

Review before installing if you will use sensitive prompts, private media, or a valuable Pexo account. Treat generated projects and uploaded files as data sent to Pexo, protect ~/.pexo/config with restrictive permissions, avoid setting PEXO_CONFIG to untrusted files, and rotate the API key if the config may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Tp4

High
Category
MCP Tool Poisoning
Confidence
82% confidence
Finding
The skill is advertised narrowly as a YouTube Shorts maker, but its documented behavior exposes broader account and project operations such as listing projects, reading conversation/history, checking credits, and running diagnostics. This mismatch can mislead users and reviewers about the scope of data access and actions performed, increasing the chance of unintended data exposure or overbroad use of authenticated capabilities.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The script sources a config file from a user-controllable path (`PEXO_CONFIG` or `~/.pexo/config`) using `source`, which executes arbitrary shell commands contained in that file. Because this is a diagnostic utility likely run interactively by users, a malicious or tampered config can achieve code execution in the user's shell context.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README states that all creative work and prompt handling happen server-side via a hosted backend, but it does not clearly warn users that their prompts and possibly related content will be transmitted to an external service. This can create a privacy and data-handling risk because users may assume processing is local or agent-contained and may submit sensitive information without informed consent.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to send the user's request verbatim to a third-party hosted backend, yet it does not require a clear privacy notice or consent step before transmitting potentially sensitive user content. Because the request may include personal data, business information, or uploaded media references, silent forwarding to an external service creates a meaningful privacy and data-governance risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The setup instructions direct users to store a live API key in a plaintext file under their home directory without any warning about file permissions, local multi-user exposure, backups, or accidental disclosure. While common in CLI tooling, this is still a real credential-handling weakness because other local users, support tooling, backup systems, or malware could read the key if the file is not adequately protected.

Session Persistence

Medium
Category
Rogue Agent
Content
topic to the hosted Pexo agent and deliver the result; Pexo scripts it, generates the shots, and
assembles the Short with music and captions.

## Your role: relay, don't create

Create a project, send the user's request **verbatim**, poll, deliver. Pexo's backend handles
all creative work — scriptwriting, model choice, prompts, music. Adding your own direction
Confidence
88% confidence
Finding
create Create a project, send the user's request **verbatim**, poll, deliver. Pexo's backend handles all creative work — scriptwriting, model choice, prompts, music. Adding your own direction (durati

Session Persistence

Medium
Category
Rogue Agent
Content
## Quick Start

### 1. Create config file

```bash
mkdir -p ~/.pexo
```
Confidence
91% confidence
Finding
Create config file ```bash mkdir -p ~/.pexo cat > ~/.pexo/config << 'EOF' PEXO_BASE_URL="https://pexo.ai" PEXO_API_KEY="sk-<your-api-key>" EOF ``` Get your API key at: https://pexo.ai - If you do n

VirusTotal

61/61 vendors flagged this skill as clean.
