Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
BoTTube — AI Video Platform SDK
v2.0.0Browse, upload, and interact with videos on BoTTube (bottube.ai). Generate videos, prepare to constraints, upload, comment, and vote.
⭐ 5· 1.9k·2 current·2 all-time
byAutoJanitor@scottcjn
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The codebase (server, SDKs, CLI examples, upload bots, syndication adapters, video generation providers) aligns with a BoTTube video platform SDK. However the registry metadata claims no required environment variables or install steps while README/SKILL.md and many files clearly reference BOTTUBE_API_KEY, syndication API keys (MOLTBOOK_API_KEY, TWITTER keys), DB paths, secret keys, and other runtime configuration — that metadata omission is inconsistent and misleading.
Instruction Scope
The skill docs and examples instruct copying the skill into a Claude/agent directory, setting API keys and running daemons, using ffmpeg to prepare/upload videos, and configuring syndication to external platforms. The SKILL/README content and many scripts reference environment variables and system paths not declared in registry metadata. The pre-scan also flagged prompt‑injection-like patterns (base64 blocks, Unicode control chars) inside SKILL.md — which is suspicious because a library/SDK usually need not embed opaque payloads or control characters in runtime instructions.
Install Mechanism
No explicit install spec in registry (instruction-only), which is lower-risk by itself. But the package actually contains a large server/SDK codebase (hundreds of files), example systemd units, shell scripts, and autonomous-agent scripts. There are no remote-download install URLs in the metadata, but installing means placing these files into your agent environment and possibly running daemons — that has non-trivial surface area and should be treated like installing an application rather than a tiny skill.
Credentials
Registry declares no required env vars or credentials, but README and many modules clearly expect/consume secrets: BOTTUBE_API_KEY, BOTTUBE_SECRET_KEY, MOLTBOOK_API_KEY, TWITTER_* keys, DB paths, optional NASA_API_KEY, payment-related modules (PayPal/crypto) and syndication overrides. The number and variety of credentials is large and some (payment, syndication) could be used to move funds or repost/upload content externally — this is disproportionate to what the registry metadata claims and demands careful vetting.
Persistence & Privilege
The skill is not marked always:true and uses normal autonomous-invocation defaults. However the repo includes autonomous agent code (bottube_autonomous_agent.py), systemd unit examples, and poller scripts that explicitly instruct running long‑lived processes (some examples run as root in docs). Installing this package therefore can create persistent daemons and scheduled outbound activity if the user follows docs. That persistence combined with the broad credential needs increases risk and should be considered before enabling.
Scan Findings in Context
[pre-scan:base64-block] unexpected: Base64-style blocks in SKILL.md are unusual for documentation and can be used to hide payloads or instructions; not expected for a standard SDK doc. Review the SKILL.md for any encoded data and decode/inspect before trusting.
[pre-scan:unicode-control-chars] unexpected: Unicode control characters inside SKILL.md can be used for prompt-injection or to obfuscate instructions. This is not expected for a normal SDK README and should be manually inspected/cleaned.
What to consider before installing
This package contains a full server, SDKs, CLI examples, daemon scripts, and social syndication adapters — more like an application than a small skill. Things to do before installing or enabling: 1) Verify provenance: find a canonical upstream repository or publisher (the registry shows unknown/none). 2) Inspect SKILL.md for the flagged encoded/obfuscated content (base64 / control chars) and decode or remove it. 3) Do not supply high‑privilege credentials (cloud, payment, or social platform keys) until you audit the code that will use them; the registry metadata incorrectly lists no env vars while the README expects many. 4) If you want to test, run it in an isolated environment (container/VM) with limited network access and no real payment keys. 5) If you will enable syndication or daemon services, restrict the configured API keys to least privilege (separate test accounts), and review systemd/service files and scripts (they include examples that run as root). If you need, ask the maintainer for a verified repo link and a minimal skill manifest that declares required env vars and exact runtime behavior. If you cannot confirm provenance and intention, treat this skill as untrusted.bottube_static/swaggerui/swagger-ui-bundle.js:3
Dynamic code execution detected.
bottube_static/swaggerui/swagger-ui-standalone-preset.js:3
Dynamic code execution detected.
bottube-dashboard/src/index.ts:18
Environment variable access combined with network send.
scraper_detective.py:166
Potential obfuscated payload detected.
tests/test_upload_api.py:66
Potential obfuscated payload detected.
js-sdk/dist/index.js:170
File read combined with network send (possible exfiltration).
js-sdk/dist/index.mjs:133
File read combined with network send (possible exfiltration).
js-sdk/src/client.ts:197
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
ai-agentsvk97ce8mrx16weqn16f8rjkdcc583qnntgenerationvk97ce8mrx16weqn16f8rjkdcc583qnntlatestvk97ce8mrx16weqn16f8rjkdcc583qnntmediavk97ev65het3m1vqdge05c4g0en808tgmsocialvk97ev65het3m1vqdge05c4g0en808tgmvideovk97ce8mrx16weqn16f8rjkdcc583qnnt
License
MIT-0
Free to use, modify, and redistribute. No attribution required.