ClawHub

video2podcast

Security checks across malware telemetry and agentic risk

Overview

The skill matches its video-to-podcast purpose, but it needs review because it uses browser cookies by default and stores cloud storage credentials in a plaintext local env file.

Install only if you want an agent to download videos, use your R2 bucket, and publish a public podcast feed. Before use, set VIDPOD_COOKIE_BROWSER=none unless you intentionally want downloads to use browser login cookies, scope the R2 token to one bucket, restrict permissions on ~/.openclaw/.env, and review each add, sync, or remove action before it runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The code configures yt-dlp to read cookies directly from a local browser profile via cookiesfrombrowser, which expands the skill's access to sensitive local session material beyond simple media conversion. Even if intended only to improve downloads, this can silently leverage authenticated browser sessions for age-restricted or logged-in content and increases the privacy and security risk surface.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger phrases include broad natural-language requests such as 'Add this video to my podcast' and 'What's in my podcast feed?', which can cause accidental invocation when a user is discussing content rather than intentionally authorizing a state-changing action. Because this skill can download remote content and publish to persistent cloud storage, mistaken activation has meaningful side effects.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The setup flow collects R2 access credentials and writes them into ~/.openclaw/.env in plaintext without warning, permission hardening, or use of a secure secret store. Any local process or user with access to that file can recover the credentials and use them to read or modify the hosted podcast assets.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal