Ai Video Gen

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it generates and edits AI videos using user-provided prompts, media, API keys, cloud providers, and FFmpeg, with no evidence of hidden persistence, exfiltration, or destructive behavior.

Install this in a virtual environment, keep provider API keys limited and private, monitor API usage for costs, and avoid sending confidential prompts, scripts, images, audio, or videos unless the providers' terms and retention policies are acceptable. Choose output paths carefully because FFmpeg commands use overwrite behavior for selected outputs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (15)

Tainted flow: 'video_url' from requests.get (line 125, network input) → requests.get (network output)

Medium
Category
Data Flow
Content
        # Download video
        video_path = self.output_dir / f"video_{int(time.time())}.mp4"
        video_data = requests.get(video_url).content
        with open(video_path, 'wb') as f:
            f.write(video_data)
Confidence
86% confidence
Finding
video_data = requests.get(video_url).content

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation describes capabilities that require environment-variable access, file writing, network calls to third-party APIs, and shell/FFmpeg execution, but it does not declare permissions. This creates a transparency and consent gap: users or hosting systems may not understand the skill’s effective privileges, increasing the risk of unintended data access, external transmission, or command execution.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README instructs users to configure API keys and use multiple third-party AI/video providers, but it does not explicitly warn that prompts, narration text, images, and possibly generated media will be transmitted to external services and may generate billable usage. This creates a real security/privacy and cost-risk issue because users may unknowingly send sensitive content to vendors or incur charges simply by following the documented workflow.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill sends user-provided prompts and potentially user-supplied images, audio, and video to external AI providers such as OpenAI, Replicate, LumaAI, Runway, and ElevenLabs, yet it does not clearly warn users that their content may leave the local environment and may generate paid API charges. This is dangerous because users may unknowingly expose sensitive media or incur costs, especially in an end-to-end pipeline that can upload multiple assets across several vendors.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
User-supplied text is sent to OpenAI's TTS API, which transmits potentially sensitive content to a third-party service without any explicit warning or consent flow in the tool. In an agent-skill context, users may assume local processing, so this can create an unanticipated privacy and data-handling exposure.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
User prompts are transmitted to external AI providers without any explicit consent, warning, or privacy disclosure in the tool flow. In a skill that may be used with proprietary concepts, internal scripts, or sensitive creative material, silent third-party transmission creates a real confidentiality and compliance risk.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
Voiceover text is sent to an external TTS provider without clearly informing the user that narration content leaves the local environment. If users include confidential scripts, names, or regulated data, this can cause unintended disclosure to third-party processors.

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai>=1.0.0
replicate>=0.20.0
requests>=2.31.0
pillow>=10.0.0
Confidence
95% confidence
Finding
openai>=1.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai>=1.0.0
replicate>=0.20.0
requests>=2.31.0
pillow>=10.0.0
python-dotenv>=1.0.0
Confidence
95% confidence
Finding
replicate>=0.20.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai>=1.0.0
replicate>=0.20.0
requests>=2.31.0
pillow>=10.0.0
python-dotenv>=1.0.0
Confidence
98% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai>=1.0.0
replicate>=0.20.0
requests>=2.31.0
pillow>=10.0.0
python-dotenv>=1.0.0
Confidence
99% confidence
Finding
pillow>=10.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
replicate>=0.20.0
requests>=2.31.0
pillow>=10.0.0
python-dotenv>=1.0.0
Confidence
93% confidence
Finding
python-dotenv>=1.0.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
84% confidence
Finding
requests

Known Vulnerable Dependency: pillow — 10 advisory(ies): CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more

Critical
Category
Supply Chain
Confidence
96% confidence
Finding
pillow

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
71% confidence
Finding
python-dotenv

VirusTotal

66/66 vendors flagged this skill as clean.
