jl-video-downloader

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent video downloader, but its wrapper and installer give it more local execution and persistent environment authority than users can safely assume.

Install only if you are comfortable with shell scripts that modify your shell startup files and run external package code. Review setup.sh and download.sh first, avoid untrusted URLs or arguments until eval is removed, do not place real account cookies in a globally sourced env file, and prefer manually installing pinned dependencies instead of using curl | sh.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • YARA Signatures: Malware Match, Webshell Match, Cryptominer Match
Findings (14)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill declares only allowed tools but no explicit permissions model despite extensively instructing shell execution, package installation, file edits, network access, and environment-variable handling. This creates a capability/permission mismatch that can lead users or agents to run impactful commands without clear consent boundaries or sandbox expectations.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script reads arbitrary key/value pairs from ~/.jl-video-downloader/env and exports them into the process environment without any allowlist or validation. In a wrapper that later invokes external tooling, this can enable unintended behavior changes through unrelated environment variables and broadens the attack surface beyond the documented downloader settings.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The comment says environment variables are loaded 'safely', but the implementation exports arbitrary variables from a user-controlled file. This mismatch is risky because maintainers and users may trust the mechanism more than they should, while the unrestricted export can influence downstream tools in unexpected ways.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The installer persistently modifies the user's shell startup file to auto-source a generated environment loader on every new shell session. This exceeds the core need of a video downloader, creates long-lived side effects, and can silently persist future behavior changes if the env loader or config file is later altered.

Intent-Code Divergence

Low
Confidence
81% confidence
Finding
The generated loader is described as only loading environment variables, but it also performs filesystem actions by creating directories from configuration values. This broadens the trust boundary: a sourced shell script now executes side effects during shell startup, which can create unwanted paths or interact with attacker-controlled env content if the config is tampered with.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill automates downloading and transcript extraction from third-party platforms and sends content-derived data through API-driven transcription flows, but it does not warn about privacy, copyright, or external data-transfer risks. Users may unknowingly process protected or sensitive media and expose content to external services without informed consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README explicitly tells users to echo API keys to the terminal for troubleshooting. Terminals are often logged in shell history, CI logs, shared sessions, screenshots, or screen recordings, so this guidance can leak long-lived secrets even though it appears in a documentation context. In a skill that depends on multiple API keys, this increases the chance of credential exposure during normal use and support workflows.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script downloads and immediately executes a remote shell script via curl pipe to sh, without integrity verification, pinning, or explicit confirmation. If the remote host, network path, or install script is compromised, arbitrary code will execute with the user's privileges during setup.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The installer appends sourcing logic to the user's shell startup file without explicit consent at the point of modification. This creates persistent execution in future shell sessions and can surprise users, especially for a tool whose primary purpose is media downloading rather than shell environment management.

External Script Fetching

Low
Category
Supply Chain
Content
#### 1. "uv: command not found"
```bash
# Install the uv tool
curl -LsSf https://astral.sh/uv/install.sh | sh
# or
pip install uv
```
Confidence
97% confidence
Finding
curl -LsSf https://astral.sh/uv/install.sh | sh

Tool Parameter Abuse

High
Category
Tool Misuse
Content
export VIDEO_DOWNLOADER_CACHE_DIR="$HOME/.cache/jl-video-downloader"

# Clear the cache
rm -rf ~/.cache/jl-video-downloader/*
```

## Updates and maintenance
Confidence
91% confidence
Finding
rm -rf ~/.cache/jl-video-downloader/* ``` ## Updates and maintenance ### Update the tool ```bash # Update uv uv self update # Update jl-video-downloader uv tool upgrade jl-video-downloader ``` ### Reinstall ```bash # Uninstall uv tool uninstall jl

Tool Parameter Abuse

High
Category
Tool Misuse
Content
export VIDEO_DOWNLOADER_CACHE_DIR="$HOME/.cache/jl-video-downloader"

# Clear the cache
rm -rf ~/.cache/jl-video-downloader/*
```

## Updates and maintenance
Confidence
91% confidence
Finding
rm -rf ~/.cache/jl-video-downloader/

Chaining Abuse

High
Category
Tool Misuse
Content
#### 1. "uv: command not found"
```bash
# Install the uv tool
curl -LsSf https://astral.sh/uv/install.sh | sh
# or
pip install uv
```
Confidence
98% confidence
Finding
| sh

YARA rule 'backdoor_persistence': Backdoor persistence with malicious payloads (shell commands, SSH key injection, hidden root users) [malware]

High
Category
YARA Match
Content
source ~/.jl-video-downloader/load_env.sh

# Or re-run the install script
cd ~/.openclaw/workspace/skills/jl-video-downloader/scripts
./setup.sh config
```
Confidence
83% confidence
Finding
echo 'source ~/.jl-video-downloader/load_env.sh' >> ~/.bashrc

VirusTotal

56/56 vendors flagged this skill as clean.
