ClawHub

Download Tool

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed video downloader that uses a configured API key and external backend, with payment and storage implications users should understand.

Install only if you trust datamass.cn or your configured self-hosted backend with the video URLs you submit and with the API key used for billing. Avoid using it for private or access-controlled videos, monitor credit usage, and keep download_tool_base_url unset unless you intentionally use a trusted alternative server.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The script reads an API key and an overrideable base URL from a local user config file, giving the skill access to sensitive credentials and control over where they are sent. In a narrowly described 'download video' skill, this hidden credential access and endpoint indirection increase risk because a modified config can cause the key and user-supplied URLs to be transmitted to an unexpected third-party host without explicit user awareness.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger conditions are overly broad, including generic phrases like '下载视频' and even '提供任何视频平台的 URL', which can cause the skill to activate unintentionally on unrelated conversations containing links. Because this skill performs networked actions and uses a configured API key, accidental invocation could send user-supplied URLs and consume paid service credits without sufficiently explicit intent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The tool transmits the user-supplied video URL and the user's API key to a third-party backend without an explicit privacy or data-transfer warning. In this skill context, remote processing is expected, but the lack of transparent disclosure and the ability to override the backend URL make inadvertent data exposure more likely.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script silently accesses sensitive local configuration to retrieve an API key, but provides no user-facing disclosure that it is reading credentials from the user's home directory. In an agent skill context, undisclosed secret access is dangerous because users may believe they are only supplying a video URL, while the skill also gains access to reusable credentials that can be sent over the network.

External Transmission

Medium
Category
Data Exfiltration
Content
"url": url
    }

    response = requests.post(endpoint, json=data, headers=headers, timeout=30)
    response.raise_for_status()

    result = response.json()
Confidence
88% confidence
Finding
requests.post(endpoint, json=

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal