Alibaba Ai Video Wan Video

Security checks across malware telemetry and agentic risk

Overview

This video-generation skill mostly does what it says, but it ships an embedded Alibaba DashScope API key and can silently use it instead of the user's own key.

Review before installing. Remove the embedded DashScope key, require your own DASHSCOPE_API_KEY, and treat all prompts and generated-job data as being sent to Alibaba Cloud under that account's billing and retention policies. Some advertised workflows may not work because referenced helper scripts are missing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 82%
Finding: The skill documentation instructs users to invoke local shell scripts, but the metadata declares no corresponding permissions or execution capabilities. This creates a transparency and policy gap: a host may permit the skill under the assumption it is non-executing, while it actually relies on shell access and file output paths, increasing the risk of unintended command execution or unsafe file operations in downstream implementations.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding: A description-behavior mismatch is security-relevant here because the static analysis indicates undisclosed sensitive behavior, including a hardcoded Alibaba/DashScope API key and an API-key validity test against an unrelated chat completions endpoint. Hardcoded secrets can be extracted and abused for unauthorized API usage and billing, while hidden behavior and overstated functionality undermine trust and make review, consent, and sandboxing less effective.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding: The script embeds a live-looking Alibaba API key directly in source code and uses it for outbound requests. Hard-coded secrets are easily exposed through source control, package distribution, logs, or reuse by anyone who obtains the skill, enabling unauthorized use of the account and potential billing abuse.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding: The script embeds a fallback API key directly in the source: if DASHSCOPE_API_KEY is unset, it will silently use the hardcoded credential. Hardcoded secrets are highly dangerous because anyone with access to the skill can extract and abuse the key for unauthorized API usage, billing fraud, or access beyond the intended operator.

Missing User Warnings

Severity: High
Confidence: 98%
Finding: Using an embedded credential without clearly disclosing that the skill contains and transmits a secret hides significant security and ownership risk from users. Anyone running or redistributing the skill can unknowingly use someone else's credential or abuse it, and the absence of a warning increases the likelihood of accidental exposure and misuse.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding: The script sends the user's prompt to a third-party cloud API for video generation, which is expected for the feature, but it does so without an explicit privacy notice or consent step. If users include sensitive or proprietary text in prompts, that data is disclosed to an external provider without clear warning, creating privacy and compliance risk.

VirusTotal

65/65 vendors flagged this skill as clean.